[SASL-CVS] src/sasl/lib by murch

Alexey Melnikov alexey.melnikov at isode.com
Mon Apr 27 11:45:38 EDT 2009


murch at andrew.cmu.edu wrote:

>Update of /afs/andrew/system/cvs/src/sasl/lib
>In directory unix11.andrew.cmu.edu:/var/tmp/cvs-serv5340/lib
>
>Modified Files:
>	saslutil.c 
>Log Message:
>Fixed CERT VU#238019 (make sure sasl_encode64() always NUL terminates output or returns SASL_BUFOVER)
>
>
>--- links to diffs follow ---
>http://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/lib/saslutil.c.diff?r1=1.48&r2=1.49
>
Note that there is a side-effect of this change: implementations that 
allocate needed size + 1 byte and only pass in the needed size would 
stop working.
E.g.

    base64len = (length * 4 / 3) + ((length % 3) ? 4 : 0);
    data = malloc(base64len + 1);
  
    if (sasl_encode64(binary,
                 length,
                 data,
                 base64len,
                 NULL) != SASL_OK) {
////Error
    }

would return SASL_BUFOVER now. To fix this one needs to pass 
"base64len+1" in the 4th parameter.



More information about the Cyrus-sasl mailing list