Bug#689346: libsasl2-modules-ldap: garbage in output buffer when using canonuser_plugin: ldapdb, patch included

Paweł Tomulik ptomulik at meil.pw.edu.pl
Mon Oct 1 18:05:25 UTC 2012 

Package: libsasl2-modules-ldap
Version: 2.1.25.dfsg1-5
Severity: important
Tags: upstream security patch

Hi,

there is problem with ldap-based username canonicalization, when the
canon_attr attribute (that is not RDN) value returned by LDAP is shorter
(fever characters) than original username (provided as input to auxprop)
had. For example:

original login:ptomulik at example.com
canonical val:  1234 at example.com
result:         1234 at example.com.com

This may be observed, for example, if one does canonicalization with auxprop +
ldapdb and passes canonical name to saslauthd.

It's enough to look into 'plugins/ldapdb.c' to see the cause . The problematic
function is ldapdb_canon_server() which sometimes forgots to append trailing
'\0' to output buffer.

I attach patch which fixes this issue.



-- System Information:
Debian Release: wheezy/sid
   APT prefers unstable
   APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libsasl2-modules-ldap depends on:
ii  libc6             2.13-35
ii  libldap-2.4-2     2.4.31-1
ii  libsasl2-modules  2.1.25.dfsg1-5

libsasl2-modules-ldap recommends no packages.

libsasl2-modules-ldap suggests no packages.


-- 
Paweł Tomulik, tel. +48 22 234 7374
Instytut Techniki Lotniczej i Mechaniki Stosowanej
Politechnika Warszawska

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-cyrus-sasl2-debian-devel/attachments/20121001/f6f5f6df/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-canonuser-ldapdb-garbage-in-out-buffer.patch
Type: text/x-diff
Size: 460 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-cyrus-sasl2-debian-devel/attachments/20121001/f6f5f6df/attachment.patch>

More information about the Pkg-cyrus-sasl2-debian-devel mailing list