BUG: Garbage in output buffer when using canonuser_plugin: ldapdb, patch included

Howard Chu hyc at highlandsun.com
Sat Oct 13 07:29:55 EDT 2012


Paweł Tomulik wrote:
> Hi,
>
> I found that there is a problem with ldap-based username canonicalization
> (at least in cyrus-sasl-2.1.25).
>
> This happens when the input username is longer than the canonical
> user name returned from LDAP (note, there is an exception for
> the cases when the attribute defined as canonical name is used
> as the entry's RDN).
>
> Consider, we have original login 12345678@example.tld, for which
> the canonical name (e.g. uid) returned from LDAP is 1234@example.com
> (and uid is NOT used as entry's RDN). In the current version
> the canonicalization will go as follows:
>
> original login:   12345678@example.tld
> canonical val:    1234@example.com
> result from sasl: 1234@example.com.tld
>
> What is wrong here is that in the current version of cyrus-sasl the result
> buffer contains garbage at the end (the extra '.tld' above). Someone forgot
> to append the trailing '\0' to the end of the string.
>
> I attach a patch which fixes the issue.

Seems to me the bug is elsewhere. The return value from this function 
explicitly provides the length of the result. The caller should be honoring 
the length, and not assuming the value is NUL-terminated.

> NOTE: this bug was reported to the maintainers of Debian's package
> libsasl2-modules-ldap,
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689346
>
> but I have seen no activity for 10 days, so I decided to send it here.
>
>
> With best regards!
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
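
The two readings of the result buffer discussed in this thread, as an added illustration that is not code from cyrus-sasl or from either poster: a hypothetical `canon_user()` reports the result length without writing a NUL into a reused buffer, and one caller uses `strlen` while the other honors the returned length. All function names and the sample buffer contents are assumptions constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a canonicalization callback (not cyrus-sasl code):
 * writes the canonical name into out, reports its length in *out_len,
 * and deliberately does NOT write a terminating NUL. */
static int canon_user(const char *canonical, char *out, size_t out_max,
                      size_t *out_len)
{
    size_t n = strlen(canonical);
    if (n > out_max)
        return -1;              /* result would not fit */
    memcpy(out, canonical, n);  /* bytes past n keep their old contents */
    *out_len = n;
    return 0;
}

/* Caller that assumes NUL termination: picks up stale bytes. */
static size_t naive_len(const char *buf)
{
    return strlen(buf);
}

/* Caller that honors the returned length: copies exactly out_len bytes and
 * terminates its own copy. Returns 0 on success, -1 if dst is too small. */
static int copy_result(char *dst, size_t dst_size,
                       const char *buf, size_t out_len)
{
    if (out_len >= dst_size)
        return -1;
    memcpy(dst, buf, out_len);
    dst[out_len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample: the buffer still holds the original login. */
    char buf[64] = "12345678@example.tld";
    char user[64];
    size_t len = 0;

    if (canon_user("1234@example.com", buf, sizeof buf - 1, &len) != 0)
        return 1;
    printf("strlen view: %s (%zu bytes)\n", buf, naive_len(buf));
    if (copy_result(user, sizeof user, buf, len) != 0)
        return 1;
    printf("length view: %s (%zu bytes)\n", user, len);
    return 0;
}
```
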

