Any info on CVE-2006-1721 ?
Kai Blin
blin at gmx.net
Wed Oct 4 03:03:51 EDT 2006
On Wednesday 04 October 2006 08:13, Biswatosh wrote:
> 2) What if,
> (a) realm != NULL
> and (b) strcmp(realm,text->realm) != 0
> and (c) text->realm[0] == 0, are all true?
This is a != 0, not a == 0. So we make sure that...
(a) realm is not a NULL pointer,
(b) realm is not identical to text->realm
(c) text->realm is not an empty string
If all of those are true, SASL_BADAUTH is returned.
> If a,b and c are true then it won't return SASL_BADAUTH
> and won't set error to "realm changed: authentication
> aborted".
Well, if all those are true, it will set that error. strcmp returns 0 if two
strings are identical.
> But then, has not the realm actually changed
> because of (b)? Should we not throw an error then?
Well, the code does.
Kai
--
Kai Blin, <blin At gmx Dot net>
WorldForge developer http://www.worldforge.org/
Wine developer http://wiki.winehq.org/KaiBlin/
--
Ninjas and Pirates agree: Cowboys suck!