Bug#689346: libsasl2-modules-ldap: garbage in output buffer when using canonuser_plugin: ldapdb, patch included
Paweł Tomulik
ptomulik at meil.pw.edu.pl
Mon Oct 1 18:05:25 UTC 2012
Package: libsasl2-modules-ldap
Version: 2.1.25.dfsg1-5
Severity: important
Tags: upstream security patch
Hi,
there is a problem with LDAP-based username canonicalization when the
canon_attr attribute (one that is not the RDN) value returned by LDAP is shorter
(fewer characters) than the original username (provided as input to auxprop)
was. For example:
original login: ptomulik@example.com
canonical val:  1234@example.com
result:         1234@example.com.com
This may be observed, for example, if one does canonicalization with auxprop +
ldapdb and passes canonical name to saslauthd.
It's enough to look into 'plugins/ldapdb.c' to see the cause. The problematic
function is ldapdb_canon_server(), which sometimes forgets to append a trailing
'\0' to the output buffer.
I attach a patch which fixes this issue.
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libsasl2-modules-ldap depends on:
ii libc6 2.13-35
ii libldap-2.4-2 2.4.31-1
ii libsasl2-modules 2.1.25.dfsg1-5
libsasl2-modules-ldap recommends no packages.
libsasl2-modules-ldap suggests no packages.
--
Paweł Tomulik, tel. +48 22 234 7374
Instytut Techniki Lotniczej i Mechaniki Stosowanej
Politechnika Warszawska
Attachment: fix-canonuser-ldapdb-garbage-in-out-buffer.patch (text/x-diff, 460 bytes)
URL: <http://lists.alioth.debian.org/pipermail/pkg-cyrus-sasl2-debian-devel/attachments/20121001/f6f5f6df/attachment.patch>
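The failure mode the report describes, reproduced as an added, constructed example (this is not code from ldapdb.c or from the attached patch): a buffer that still holds the original login receives a shorter canonical value without a terminating NUL, so the tail of the old string leaks into the result. The function names, OUT_MAX and the buffer-reuse assumption are mine; the login and canonical values are the report's.

```c
#include <stddef.h>
#include <string.h>

/* Constructed example, not code from ldapdb.c: a canonicalizer that
 * copies the LDAP canon_attr value into an output buffer that still
 * holds the original login, as happens when the buffer is reused. */
#define OUT_MAX 64

/* Buggy variant: copies the value but never writes the terminating NUL,
 * so a shorter value leaves the tail of the previous string in place. */
static void canon_copy_buggy(char *out, size_t out_max,
                             const char *val, size_t val_len)
{
    if (val_len >= out_max)
        val_len = out_max - 1;
    memcpy(out, val, val_len);      /* bug: no out[val_len] = '\0' */
}

/* Fixed variant: identical copy, plus the terminator the report asks for. */
static void canon_copy_fixed(char *out, size_t out_max,
                             const char *val, size_t val_len)
{
    if (val_len >= out_max)
        val_len = out_max - 1;
    memcpy(out, val, val_len);
    out[val_len] = '\0';
}

/* Runs the report's scenario: out is pre-filled with the original login,
 * then LDAP "returns" a shorter canonical value and it is copied in.
 * Afterwards out holds whatever a caller reading it as a C string sees. */
static void canon_demo(int fixed, const char *login, const char *canon,
                       char *out)
{
    memset(out, 0, OUT_MAX);
    strncpy(out, login, OUT_MAX - 1);   /* previous contents: the login */
    if (fixed)
        canon_copy_fixed(out, OUT_MAX, canon, strlen(canon));
    else
        canon_copy_buggy(out, OUT_MAX, canon, strlen(canon));
}

/* Returns 1 when the resulting buffer reads exactly as expected. */
int canon_result_is(int fixed, const char *login, const char *canon,
                    const char *expected)
{
    char out[OUT_MAX];
    canon_demo(fixed, login, canon, out);
    return strcmp(out, expected) == 0;
}
```

With the buggy copy, "ptomulik@example.com" overwritten by "1234@example.com" reads back as "1234@example.com.com", exactly the garbage the report shows; with the fix it reads back as the canonical value.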