author | Alan Coopersmith <Alan.Coopersmith@Oracle.COM> |
Mon, 03 Oct 2016 13:19:13 -0700 | |
changeset 7042 | 582373e0fdee |
parent 6318 | ad9a55e737e6 |
permissions | -rw-r--r-- |
6318
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
Patch origin: in-house |
This is a non-vulnerability Parfait error. |
Filed as https://bugzilla.cyrusimap.org/show_bug.cgi?id=3934 |
|
5 |
diff -rupN old/saslauthd/auth_httpform.c new/saslauthd/auth_httpform.c |
6 |
--- old/saslauthd/auth_httpform.c 2016-05-03 18:40:11.701189626 -0700 |
7 |
+++ new/saslauthd/auth_httpform.c 2016-05-03 18:42:47.344382759 -0700 |
8 |
@@ -85,6 +85,10 @@ |
9 |
#define MAX(p,q) ((p >= q) ? p : q) |
10 |
#endif |
11 |
|
12 |
+#ifndef MIN |
13 |
+#define MIN(p,q) ((p <= q) ? p : q) |
14 |
+#endif |
15 |
+ |
16 |
/* PRIVATE DEPENDENCIES */ |
17 |
static cfile config = NULL; |
18 |
static const char *r_host = "localhost"; /* remote host (mech_option) */ |
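Review bot: The new `MIN(p,q)` macro leaves its parameters unparenthesized, so it expands correctly for the later `MIN(rc, RESP_LEN - 1)` call only because `-` binds tighter than `<=` and `?:`. Since this macro now bounds the index used for `rbuf[rc] = '\0'`, I would write it as `#define MIN(p,q) (((p) <= (q)) ? (p) : (q))` so that an argument containing a lower-precedence operator cannot silently change the bound; the `MAX` definition above it has the same shape. The macro gives an upper bound only: whether a negative `rc` is rejected before the clamp depends on code outside the visible hunks, and `RESP_LEN` is not defined here, so the signedness of the comparison should be checked as well.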
19 |
@@ -612,11 +616,13 @@ auth_httpform ( |
20 |
return strdup(RESP_IERROR); |
21 |
} |
22 |
|
23 |
+ rc = MIN(rc, RESP_LEN - 1); /* don't write past rbuf */ |
24 |
+ rbuf[rc] = '\0'; /* make sure str-funcs find null */ |
25 |
+ |
26 |
if (flags & VERBOSE) { |
27 |
syslog(LOG_DEBUG, "auth_httpform: [%s] %s", user, rbuf); |
28 |
} |
29 |
|
30 |
- rbuf[rc] = '\0'; /* make sure str-funcs find null */ |
31 |
return build_sasl_response(rbuf); |
32 |
} |
33 |