[prev in list] [next in list] [prev in thread] [next in thread]
List: mutt-dev
Subject: bug#1556: mutt-1.5.4i: Kerberos authentication fails due to insufficient buffer length
From: matthewg () zevils ! com
Date: 2003-04-29 3:32:13
[Download RAW message or body]
Package: mutt
Version: 1.5.4-1
Severity: normal
-- Please type your report below this line
While attempting to use Kerberos authenticatication with my IMAP server, I received \
the error "SASL authentication failed" . I tried pine, and pine was able to \
authenticate. The error turned out to be because mutt wasn't allocating a large \
enough buffer for the sasl_encode64 function. Attached is a patch which fixes the \
problem (although probably not as elegantly as possible - I'm not familiar with the \
mutt sources. I'm getting the size of my malloc from the sources of the \
sasl_encode64 routine.)
-- Patch
--- mutt-1.5.4/imap/auth_sasl.c 2002-11-12 03:20:11.000000000 -0500
+++ mutt-1.5.4.patched/imap/auth_sasl.c 2003-04-28 23:19:49.000000000 -0400
@@ -37,14 +37,14 @@
sasl_conn_t* saslconn;
sasl_interact_t* interaction = NULL;
int rc, irc;
- char buf[LONG_STRING];
+ char buf[LONG_STRING], *sasl_buf = NULL;
const char* mech;
#ifdef USE_SASL2
const char *pc = NULL;
#else
char* pc = NULL;
#endif
- unsigned int len, olen;
+ unsigned int len, olen, sasl_len;
unsigned char client_start;
if (mutt_sasl_client_new (idata->conn, &saslconn) < 0)
@@ -155,8 +155,10 @@
/* send out response, or line break if none needed */
if (pc)
{
- if (sasl_encode64 (pc, olen, buf, sizeof (buf), &olen) != SASL_OK)
+ sasl_buf = malloc((olen + 2) / 3 * 4 + 3);
+ if (sasl_encode64 (pc, olen, sasl_buf, (olen + 2) / 3 * 4 + 3, &sasl_len) != \
SASL_OK) {
+ free(sasl_buf);
dprint (1, (debugfile, "imap_auth_sasl: error base64-encoding client \
response.\n")); goto bail;
}
@@ -170,9 +172,12 @@
if (olen || rc == SASL_CONTINUE)
{
- strfcpy (buf + olen, "\r\n", sizeof (buf) - olen);
- mutt_socket_write (idata->conn, buf);
+ sasl_buf[sasl_len] = '\r';
+ sasl_buf[sasl_len + 1] = '\n';
+ sasl_buf[sasl_len + 2] = 0;
+ mutt_socket_write (idata->conn, sasl_buf);
}
+ /*free(sasl_buf);*/
/* If SASL has errored out, send an abort string to the server */
if (rc < 0)
-- End Patch
-- System Information
Debian Release: testing/unstable
Kernel Version: Linux minusone 2.5.66 #3 Mon Apr 7 21:48:06 EDT 2003 i686 unknown \
unknown GNU/Linux
Versions of the packages mutt depends on:
ii exim 3.36-6 An MTA (Mail Transport Agent)
ii libc6 2.3.1-17 GNU C Library: Shared libraries and Timezone
ii libdb2 2.7.7.0-8 The Berkeley database routines (run-time fil
ii libidn9 0.1.11-3 GNU libidn library, implementation of IETF I
ii libncurses5 5.3.20021109-2 Shared libraries for terminal handling
ii libsasl7 1.5.27-3.5 Authentication abstraction library.
ii exim 3.36-6 An MTA (Mail Transport Agent)
^^^ (Provides virtual package mail-transport-agent)
-- Build environment information
(Note: This is the build environment installed on the system
muttbug is run on. Information may or may not match the environment
used to build mutt.)
- gcc version information
cc
Reading specs from /usr/lib/gcc-lib/i386-linux/3.2.3/specs
Configured with: ../src/configure -v --enable-languages=c,c++,java,f77,objc,ada \
--prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info \
--with-gxx-include-dir=/usr/include/c++/3.2 --enable-shared --with-system-zlib \
--enable-nls --without-included-gettext --enable-__cxa_atexit --enable-clocale=gnu \
--enable-java-gc=boehm --enable-objc-gc i386-linux Thread model: posix
gcc version 3.2.3
- CFLAGS
-Wall -pedantic -g -O2
-- Mutt Version Information
Mutt 1.5.4i (2003-03-19)
Copyright (C) 1996-2002 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type `mutt -vv' for details.
System: Linux 2.5.66 (i686) [using ncurses 5.3] [using libidn 0.1.11 (compiled with \
0.1.11)] Compile options:
-DOMAIN
+DEBUG
-HOMESPOOL +USE_SETGID +USE_DOTLOCK +DL_STANDALONE
+USE_FCNTL -USE_FLOCK
+USE_POP +USE_IMAP +IMAP_EDIT_THREADS -USE_GSS -USE_SSL +USE_GNUTLS +USE_SASL \
-USE_SASL2 +HAVE_REGCOMP -USE_GNU_REGEX
+HAVE_COLOR +HAVE_START_COLOR +HAVE_TYPEAHEAD +HAVE_BKGDSET
+HAVE_CURS_SET +HAVE_META +HAVE_RESIZETERM
+CRYPT_BACKEND_CLASSIC_PGP +CRYPT_BACKEND_CLASSIC_SMIME -CRYPT_BACKEND_GPGME \
-BUFFY_SIZE -EXACT_ADDRESS -SUN_ATTACHMENT +ENABLE_NLS -LOCALES_HACK +COMPRESSED \
+HAVE_WC_FUNCS +HAVE_LANGINFO_CODESET +HAVE_LANGINFO_YESEXPR +HAVE_ICONV \
-ICONV_NONTRANS +HAVE_LIBIDN +HAVE_GETSID +HAVE_GETADDRINFO +USE_CACHE \
ISPELL="/usr/bin/ispell" SENDMAIL="/usr/sbin/sendmail"
MAILPATH="/var/mail"
PKGDATADIR="/usr/share/mutt"
SYSCONFDIR="/etc"
EXECSHELL="/bin/sh"
MIXMASTER="mixmaster"
To contact the developers, please mail to <mutt-dev@mutt.org>.
To report a bug, please use the flea(1) utility.
patch-1.5.1.cd.edit_threads.9.2
patch-1.3.23.1.ametzler.pgp_good_sign
patch-1.5.3.Md.gpg_status_fd
patch-1.4.Md.gpg-agent
patch-1.3.27.bse.xtitles.1
patch-1.5.3.Md.etc_mailname_gethostbyname
Md.muttbug
Md.use_debian_editor
patch-1.4.admcd.gnutlsdlopen.53d
patch-1.5.4.Z.hcache.8
patch-1.4.admcd.gnutlsbuild.53d
patch-1.4.admcd.gnutls.55d
patch-1.5.3.rr.compressed.1
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic