Any info on CVE-2006-1721 ?
Biswatosh
biswatosh2001 at yahoo.com
Wed Oct 4 04:07:18 EDT 2006
Thanks, Kai. Please see my response inline.
--- Kai Blin <blin at gmx.net> wrote:
> On Wednesday 04 October 2006 08:13, Biswatosh wrote:
>
> > 2) What if
> > (a) realm != NULL
> > and (b) strcmp(realm,text->realm) != 0
> > and (c) text->realm[0] == 0, are all true?
>
> This is a != 0, not a == 0. So we make sure that...
Yes, the SASL code checks text->realm[0] != 0, correct, but
my question was: what if text->realm[0] == 0, with
realm != NULL and realm not the same as text->realm?
Where is this being validated? Why are we not calling
SETERROR(sparams->util,"realm changed: authentication aborted")
then? The realm has certainly changed, has it not,
even if text->realm is an empty string?
> (a) realm is not a NULL pointer,
> (b) realm is not identical to text->realm
> (c) text->realm is not an empty string
>
> If all of those are true, SASL_BADAUTH is returned.
>
Yes, like I said above, what if (a) and (b) are true but
(c) is false?
> > If a, b and c are true then it won't return SASL_BADAUTH
> > and won't set error to "realm changed: authentication
> > aborted".
>
> Well, if all those are true, it will set that error.
> strcmp returns 0 if two strings are identical.
>
> > But then, has not the realm actually changed
> > because of (b)? Should we not throw an error then?
>
> Well, the code does.
How? Of course, the answer to my questions above
should perhaps answer this.
>
> Kai
>
> --
> Kai Blin, <blin At gmx Dot net>
> WorldForge developer http://www.worldforge.org/
> Wine developer
> http://wiki.winehq.org/KaiBlin/
> --
> Ninjas and Pirates agree: Cowboys suck!
>
Thanks
Biswatosh
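
The three-clause condition debated in this thread, modelled as an added example (not Cyrus SASL source and not written by either poster). Function names, return codes and realm strings are hypothetical; the example goes one step beyond the thread by placing a variant without clause (c) alongside it, so the one case the question asks about is visible.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical return codes standing in for SASL_OK / SASL_BADAUTH. */
enum { REALM_OK = 0, REALM_BADAUTH = -1 };

/* Condition as described in the thread: reject only when
 * (a) realm is not NULL, (b) realm differs from the stored realm,
 * and (c) the stored realm is not an empty string. */
static int realm_check_as_discussed(const char *realm, const char *stored)
{
    if (realm != NULL && strcmp(realm, stored) != 0 && stored[0] != 0)
        return REALM_BADAUTH;
    return REALM_OK;
}

/* Variant without clause (c): any mismatch is rejected, including a
 * mismatch against an empty stored realm. Shown for comparison only;
 * the thread does not settle which behaviour is intended. */
static int realm_check_without_c(const char *realm, const char *stored)
{
    if (realm != NULL && strcmp(realm, stored) != 0)
        return REALM_BADAUTH;
    return REALM_OK;
}

int main(void)
{
    /* Constructed sample inputs: {realm from client, stored text->realm}. */
    const char *cases[][2] = {
        { NULL,          "example.com" },  /* (a) false              */
        { "example.com", "example.com" },  /* (b) false              */
        { "other.org",   "example.com" },  /* (a),(b),(c) all true   */
        { "other.org",   ""            },  /* (a),(b) true, (c) false */
    };
    size_t n = sizeof cases / sizeof cases[0];

    printf("%-14s %-14s %-12s %s\n", "realm", "stored", "as-discussed", "without-(c)");
    for (size_t i = 0; i < n; i++) {
        const char *r = cases[i][0], *s = cases[i][1];
        printf("%-14s %-14s %-12d %d\n",
               r ? r : "(null)", s[0] ? s : "(empty)",
               realm_check_as_discussed(r, s),
               realm_check_without_c(r, s));
    }
    return 0;
}
```

Only the last row differs between the two functions: with an empty stored realm, clause (c) is false and the mismatch in (b) does not produce the error.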