1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
From 59bcc75f56ffeb9fa220f1eb53d45bf254258ac7 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Thu, 13 Feb 2020 14:08:31 +0000
Subject: [PATCH 26/27] Auths: fix cyrus-sasl driver for gssapi use. Bug 2524
Broken-by: c0fb53b74e
Cherry-picked from: 5c329a4388
---
doc/ChangeLog | 6 ++++++
src/auths/cyrus_sasl.c | 6 +++---
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git doc/ChangeLog doc/ChangeLog
index be7ec2a8e..97fe878dc 100644
--- doc/ChangeLog
+++ doc/ChangeLog
@@ -63,6 +63,12 @@ JH/22 Taint-checking: move to safe-mode taint checking on all platforms. The
previous fast-mode was untenable in the face of glibs using mmap to
support larger malloc requests.
+JH/24 Bug 2524: fix the cyrus_sasl auth driver gssapi usage. A previous fix
+ had introduced a string-copy (for ensuring NUL-termination) which was not
+ appropriate for that case, which can include embedded NUL bytes in the
+ block of data. Investigation showed the copy to actually be needless, the
+ data being length-specified.
+
Exim version 4.93
-----------------
diff --git src/auths/cyrus_sasl.c src/auths/cyrus_sasl.c
index 480010bab..19416a1bb 100644
--- src/auths/cyrus_sasl.c
+++ src/auths/cyrus_sasl.c
@@ -347,10 +347,10 @@ for (rc = SASL_CONTINUE; rc == SASL_CONTINUE; )
}
else
{
- /* make sure that we have a null-terminated string */
- out2 = string_copyn(output, outlen);
+ /* auth_get_data() takes a length-specfied block of binary
+ which can include zeroes; no terminating NUL is needed */
- if ((rc = auth_get_data(&input, out2, outlen)) != OK)
+ if ((rc = auth_get_data(&input, output, outlen)) != OK)
{
/* we couldn't get the data, so free up the library before
* returning whatever error we get */
--
2.24.1
|
