
List:       mutt-dev
Subject:    bug#1556: mutt-1.5.4i: Kerberos authentication fails due to insufficient buffer length
From:       matthewg () zevils ! com
Date:       2003-04-29 3:32:13

Package: mutt
Version: 1.5.4-1
Severity: normal

-- Please type your report below this line

While attempting to use Kerberos authentication with my IMAP server, I received \
the error "SASL authentication failed".  I tried pine, and pine was able to \
authenticate.  The error turned out to be because mutt wasn't allocating a large \
enough buffer for the sasl_encode64 function.  Attached is a patch which fixes the \
problem (although probably not as elegantly as possible - I'm not familiar with the \
mutt sources.  I'm getting the size of my malloc from the sources of the \
sasl_encode64 routine.)

-- Patch
--- mutt-1.5.4/imap/auth_sasl.c	2002-11-12 03:20:11.000000000 -0500
+++ mutt-1.5.4.patched/imap/auth_sasl.c	2003-04-28 23:19:49.000000000 -0400
@@ -37,14 +37,14 @@
   sasl_conn_t* saslconn;
   sasl_interact_t* interaction = NULL;
   int rc, irc;
-  char buf[LONG_STRING];
+  char buf[LONG_STRING], *sasl_buf = NULL;
   const char* mech;
 #ifdef USE_SASL2
   const char *pc = NULL;
 #else
   char* pc = NULL;
 #endif
-  unsigned int len, olen;
+  unsigned int len, olen, sasl_len;
   unsigned char client_start;
 
   if (mutt_sasl_client_new (idata->conn, &saslconn) < 0)
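Review bot: `sasl_len` in `unsigned int len, olen, sasl_len;` is left uninitialised while `sasl_buf` on the line above starts as NULL. Initialise it to 0 so that any path reaching the later `sasl_buf[sasl_len] = '\r';` write without a successful encode does not index with an indeterminate value. If `buf` has no remaining users after this change, drop it from the declaration instead of carrying both buffers.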
@@ -155,8 +155,10 @@
     /* send out response, or line break if none needed */
     if (pc)
     {
-      if (sasl_encode64 (pc, olen, buf, sizeof (buf), &olen) != SASL_OK)
+      sasl_buf = malloc((olen + 2) / 3 * 4 + 3);
+      if (sasl_encode64 (pc, olen, sasl_buf, (olen + 2) / 3 * 4 + 3, &sasl_len) != \
SASL_OK)  {
+        free(sasl_buf);
 	dprint (1, (debugfile, "imap_auth_sasl: error base64-encoding client \
response.\n"));  goto bail;
       }
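Review bot: the return value of `malloc((olen + 2) / 3 * 4 + 3)` is not checked before `sasl_encode64` writes into `sasl_buf`, so an allocation failure becomes a NULL write; test the pointer and take the `goto bail` path on failure. The size expression is also written out twice, once for the allocation and once as the `outmax` argument. Compute it once into a local, with a short comment saying the `+ 3` covers CR, LF and the terminating NUL, so the two cannot drift apart.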
@@ -170,9 +172,12 @@
     
     if (olen || rc == SASL_CONTINUE)
     {
-      strfcpy (buf + olen, "\r\n", sizeof (buf) - olen);
-      mutt_socket_write (idata->conn, buf);
+      sasl_buf[sasl_len] = '\r';
+      sasl_buf[sasl_len + 1] = '\n';
+      sasl_buf[sasl_len + 2] = 0;
+      mutt_socket_write (idata->conn, sasl_buf);
     }
+    /*free(sasl_buf);*/
 
     /* If SASL has errored out, send an abort string to the server */
     if (rc < 0)
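Review bot: the `sasl_buf[sasl_len] = '\r';` write runs whenever `olen || rc == SASL_CONTINUE`, but `sasl_buf` is only allocated inside the earlier `if (pc)` branch, so the "line break if none needed" case writes through NULL (or a stale pointer) using an unset `sasl_len`; the removed `strfcpy (buf + olen, "\r\n", ...)` handled that case. Either allocate unconditionally or send a plain "\r\n" when there is no response. The cleanup is also left commented out as `/*free(sasl_buf);*/`, so every buffer allocated on this path leaks. Free it after `mutt_socket_write` and set the pointer back to NULL.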
-- End Patch

-- System Information
Debian Release: testing/unstable
Kernel Version: Linux minusone 2.5.66 #3 Mon Apr 7 21:48:06 EDT 2003 i686 unknown \
unknown GNU/Linux

Versions of the packages mutt depends on:
ii  exim           3.36-6         An MTA (Mail Transport Agent)
ii  libc6          2.3.1-17       GNU C Library: Shared libraries and Timezone
ii  libdb2         2.7.7.0-8      The Berkeley database routines (run-time fil
ii  libidn9        0.1.11-3       GNU libidn library, implementation of IETF I
ii  libncurses5    5.3.20021109-2 Shared libraries for terminal handling
ii  libsasl7       1.5.27-3.5     Authentication abstraction library.
ii  exim           3.36-6         An MTA (Mail Transport Agent)
	^^^ (Provides virtual package mail-transport-agent)


-- Build environment information

(Note: This is the build environment installed on the system
muttbug is run on.  Information may or may not match the environment
used to build mutt.)

- gcc version information
cc
Reading specs from /usr/lib/gcc-lib/i386-linux/3.2.3/specs
Configured with: ../src/configure -v --enable-languages=c,c++,java,f77,objc,ada \
--prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info \
--with-gxx-include-dir=/usr/include/c++/3.2 --enable-shared --with-system-zlib \
--enable-nls --without-included-gettext --enable-__cxa_atexit --enable-clocale=gnu \
--enable-java-gc=boehm --enable-objc-gc i386-linux Thread model: posix
gcc version 3.2.3

- CFLAGS
-Wall -pedantic -g -O2

-- Mutt Version Information

Mutt 1.5.4i (2003-03-19)
Copyright (C) 1996-2002 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type `mutt -vv' for details.

System: Linux 2.5.66 (i686) [using ncurses 5.3] [using libidn 0.1.11 (compiled with \
0.1.11)] Compile options:
-DOMAIN
+DEBUG
-HOMESPOOL  +USE_SETGID  +USE_DOTLOCK  +DL_STANDALONE  
+USE_FCNTL  -USE_FLOCK
+USE_POP  +USE_IMAP  +IMAP_EDIT_THREADS  -USE_GSS  -USE_SSL  +USE_GNUTLS  +USE_SASL  \
-USE_SASL2   +HAVE_REGCOMP  -USE_GNU_REGEX  
+HAVE_COLOR  +HAVE_START_COLOR  +HAVE_TYPEAHEAD  +HAVE_BKGDSET  
+HAVE_CURS_SET  +HAVE_META  +HAVE_RESIZETERM  
+CRYPT_BACKEND_CLASSIC_PGP  +CRYPT_BACKEND_CLASSIC_SMIME  -CRYPT_BACKEND_GPGME  \
-BUFFY_SIZE -EXACT_ADDRESS  -SUN_ATTACHMENT   +ENABLE_NLS  -LOCALES_HACK  +COMPRESSED \
+HAVE_WC_FUNCS  +HAVE_LANGINFO_CODESET  +HAVE_LANGINFO_YESEXPR   +HAVE_ICONV  \
-ICONV_NONTRANS  +HAVE_LIBIDN  +HAVE_GETSID  +HAVE_GETADDRINFO  +USE_CACHE   \
ISPELL="/usr/bin/ispell" SENDMAIL="/usr/sbin/sendmail"
MAILPATH="/var/mail"
PKGDATADIR="/usr/share/mutt"
SYSCONFDIR="/etc"
EXECSHELL="/bin/sh"
MIXMASTER="mixmaster"
To contact the developers, please mail to <mutt-dev@mutt.org>.
To report a bug, please use the flea(1) utility.

patch-1.5.1.cd.edit_threads.9.2
patch-1.3.23.1.ametzler.pgp_good_sign
patch-1.5.3.Md.gpg_status_fd
patch-1.4.Md.gpg-agent
patch-1.3.27.bse.xtitles.1
patch-1.5.3.Md.etc_mailname_gethostbyname
Md.muttbug
Md.use_debian_editor
patch-1.4.admcd.gnutlsdlopen.53d
patch-1.5.4.Z.hcache.8
patch-1.4.admcd.gnutlsbuild.53d
patch-1.4.admcd.gnutls.55d
patch-1.5.3.rr.compressed.1
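
The sizing problem described in the report, as an added example that is not part of the original message and is not mutt or SASL library code: `b64_encode` is a stand-in encoder that refuses a too-small output buffer, and `encode_line` (a hypothetical helper name) sizes one response line as base64 text plus CR, LF and NUL, including the empty-response case.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

static const char B64[] =
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Base64 text length for inlen bytes (no NUL); -1 if the size would overflow. */
static int b64_len (size_t inlen, size_t *enc)
{
  if (inlen > SIZE_MAX / 2) return -1;
  *enc = (inlen + 2) / 3 * 4;
  return 0;
}

/* Stand-in encoder: refuses, rather than truncates, if out cannot hold text + NUL. */
int b64_encode (const unsigned char *in, size_t inlen,
                char *out, size_t outmax, size_t *outlen)
{
  size_t enc, i, o = 0;
  if (b64_len (inlen, &enc) < 0 || outmax <= enc) return -1;
  for (i = 0; i < inlen; i += 3) {
    unsigned long v = (unsigned long) in[i] << 16;
    if (i + 1 < inlen) v |= (unsigned long) in[i + 1] << 8;
    if (i + 2 < inlen) v |= in[i + 2];
    out[o++] = B64[(v >> 18) & 63];
    out[o++] = B64[(v >> 12) & 63];
    out[o++] = (i + 1 < inlen) ? B64[(v >> 6) & 63] : '=';
    out[o++] = (i + 2 < inlen) ? B64[v & 63] : '=';
  }
  out[o] = '\0';
  *outlen = o;
  return 0;
}

/* Build one response line: base64 text + "\r\n" + NUL, sized from the input.
 * An empty response (inlen == 0) yields just "\r\n". Caller frees the result. */
char *encode_line (const unsigned char *in, size_t inlen, size_t *linelen)
{
  size_t enc, n;
  char *line;
  if (b64_len (inlen, &enc) < 0) return NULL;
  if (!(line = malloc (enc + 3))) return NULL;
  if (b64_encode (in, inlen, line, enc + 1, &n) < 0) { free (line); return NULL; }
  memcpy (line + n, "\r\n", 3);   /* CR, LF and the terminating NUL */
  *linelen = n + 2;
  return line;
}
```

An 800-byte response encodes to 1068 characters, so a fixed buffer of, say, 1024 bytes (a constructed figure) is rejected by the encoder while `encode_line` succeeds.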
