truncated mech names are accepted - a bug?
Petr Lautrbach
plautrba at redhat.com
Fri Mar 14 10:42:08 EDT 2014
Hello,
A server with this configuration:
mech_list: A
shows 'ANONYMOUS' in available mechanisms.
It's due to the fact that _sasl_is_equal_mech() compares plug_mech only with the first strlen(req_mech) characters of plug_mech:
lib/common.c:2431: return (strncasecmp(req_mech, plug_mech, n) == 0);
where n is (usually) an equivalent of strlen(req_mech)
For ANONYMOUS, it means that any string from the following set of
{A, AN, ..., ANONYMOU, ANONYMOUS} will match ANONYMOUS.
The fix could be to first compare the length of plug_mech with 'n'.
This might also be a feature - to allow multiple plugin mechanisms using one mech_list string,
but it doesn't feel right to me as I haven't found any documentation about that.
Petr
--
Petr Lautrbach
Security Technologies
Red Hat
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com.
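To make the prefix behaviour described above concrete, here is an added example (not Cyrus SASL's code; the two comparison functions, the plugin names and the mech_list strings are constructed stand-ins) that puts a prefix-only check beside a length-checked one and counts which plugins a given mech_list would enable under each.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Prefix-only comparison, hypothetical stand-in for the behaviour reported:
 * only the first n bytes are compared, with n = strlen(requested token),
 * so any prefix of plug_mech ("A", "AN", ...) matches "ANONYMOUS". */
static bool mech_equal_prefix_only(const char *req_mech, const char *plug_mech, size_t n)
{
    return strncasecmp(req_mech, plug_mech, n) == 0;
}

/* Length-checked variant: the plugin name must also be exactly n characters. */
static bool mech_equal_checked(const char *req_mech, const char *plug_mech, size_t n)
{
    if (strlen(plug_mech) != n)
        return false;
    return strncasecmp(req_mech, plug_mech, n) == 0;
}

/* Constructed plugin names standing in for installed mechanism plugins. */
static const char *const SAMPLE_PLUGINS[] = { "ANONYMOUS", "PLAIN", "LOGIN", "DIGEST-MD5" };
#define SAMPLE_PLUGIN_COUNT (sizeof SAMPLE_PLUGINS / sizeof SAMPLE_PLUGINS[0])

/* Walk a space-separated mech_list string and count how many sample plugins
 * the given comparison would treat as listed. Each token is compared against
 * every plugin with n = token length, mirroring the report's use of n. */
static int count_enabled_sample(const char *mech_list,
                                bool (*cmp)(const char *, const char *, size_t))
{
    int enabled = 0;
    const char *p = mech_list;
    while (*p) {
        while (*p == ' ') p++;              /* skip separators */
        if (!*p) break;
        const char *start = p;
        while (*p && *p != ' ') p++;        /* end of this token */
        size_t n = (size_t)(p - start);
        for (size_t i = 0; i < SAMPLE_PLUGIN_COUNT; i++)
            if (cmp(start, SAMPLE_PLUGINS[i], n))
                enabled++;
    }
    return enabled;
}

int main(void)
{
    printf("mech_list 'A': prefix-only enables %d plugin(s), length-checked enables %d\n",
           count_enabled_sample("A", mech_equal_prefix_only),
           count_enabled_sample("A", mech_equal_checked));
    return 0;
}
```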