| author | Jiri Sasek <Jiri.Sasek@Oracle.COM> |
| Wed, 26 Apr 2017 14:53:43 -0700 | |
| changeset 7954 | f5d146a3f5e6 |
| parent 6318 | ad9a55e737e6 |
| permissions | -rw-r--r-- |
|
6318
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
1 |
Patch origin: in-house |
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
2 |
This is a non-vulnerability Parfait error. |
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
3 |
Filed as https://bugzilla.cyrusimap.org/show_bug.cgi?id=3934 |
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
4 |
|
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
5 |
diff -rupN old/saslauthd/auth_httpform.c new/saslauthd/auth_httpform.c |
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
6 |
--- old/saslauthd/auth_httpform.c 2016-05-03 18:40:11.701189626 -0700 |
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
7 |
+++ new/saslauthd/auth_httpform.c 2016-05-03 18:42:47.344382759 -0700 |
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
8 |
@@ -85,6 +85,10 @@ |
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
9 |
#define MAX(p,q) ((p >= q) ? p : q) |
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
10 |
#endif |
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
11 |
|
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
12 |
+#ifndef MIN |
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
13 |
+#define MIN(p,q) ((p <= q) ? p : q) |
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
14 |
+#endif |
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
15 |
+ |
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
16 |
/* PRIVATE DEPENDENCIES */ |
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
17 |
static cfile config = NULL; |
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
18 |
static const char *r_host = "localhost"; /* remote host (mech_option) */ |
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
19 |
@@ -612,11 +616,13 @@ auth_httpform ( |
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
20 |
return strdup(RESP_IERROR); |
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
21 |
} |
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
22 |
|
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
23 |
+ rc = MIN(rc, RESP_LEN - 1); /* don't write past rbuf */ |
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
24 |
+ rbuf[rc] = '\0'; /* make sure str-funcs find null */ |
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
25 |
+ |
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
26 |
if (flags & VERBOSE) {
|
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
27 |
syslog(LOG_DEBUG, "auth_httpform: [%s] %s", user, rbuf); |
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
28 |
} |
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
29 |
|
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
30 |
- rbuf[rc] = '\0'; /* make sure str-funcs find null */ |
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
31 |
return build_sasl_response(rbuf); |
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
32 |
} |
|
ad9a55e737e6
23236798 parfait error in string termination in a saslauthd routine
Jan Parcel <jan.parcel@oracle.com>
parents:
diff
changeset
|
33 |