Any info on CVE-2006-1721 ?

Kai Blin blin at gmx.net
Wed Oct 4 03:03:51 EDT 2006


On Wednesday 04 October 2006 08:13, Biswatosh wrote:

> 2)What if,
>          (a) realm != NULL
>      and (b) strcmp(realm,text->realm) != 0
>      and (c) text->realm[0] == 0 ,  are all true?

This is a != 0, not a == 0. So we make sure that...
(a) realm is not a NULL pointer,
(b) realm is not identical to text->realm
(c) text->realm is not an empty string

If all of those a true, SASL_BADAUTH is returned.

> If a,b and c are true then it won't return SASL_BADAUTH
> and won't set error to "realm changed: authentication
> aborted". 

Well, if all those are true, it will set that error. strcmp returns 0 if two 
strings are identical.

> But then, has not the realm actually changed 
> because of (b)? Should we not throw an error then?

Well, the code does.

Kai

-- 
Kai Blin, <blin At gmx Dot net>
WorldForge developer    http://www.worldforge.org/
Wine developer          http://wiki.winehq.org/KaiBlin/
--
Ninjas and Pirates agree: Cowboys suck!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : https://lists.andrew.cmu.edu/mailman/private/cyrus-sasl/attachments/20061004/1dc2f9ff/attachment.bin


More information about the Cyrus-sasl mailing list