components/cyrus-sasl/patches/113-auth_httpform-c.patch
author John Beck <John.Beck@Oracle.COM>
Mon, 03 Oct 2016 15:32:26 -0700
changeset 7030 496c07261afc
parent 6318 ad9a55e737e6
permissions -rw-r--r--
24791247 lighttpd should use MySQL 5.5 on Solaris 11.3, 5.7 on S12

Patch origin: in-house
This is a non-vulnerability Parfait error.
Filed as https://bugzilla.cyrusimap.org/show_bug.cgi?id=3934

diff -rupN old/saslauthd/auth_httpform.c new/saslauthd/auth_httpform.c
--- old/saslauthd/auth_httpform.c	2016-05-03 18:40:11.701189626 -0700
+++ new/saslauthd/auth_httpform.c	2016-05-03 18:42:47.344382759 -0700
@@ -85,6 +85,10 @@
 #define MAX(p,q) ((p >= q) ? p : q)
 #endif
 
+#ifndef MIN
+#define MIN(p,q) ((p <= q) ? p : q)
+#endif
+
 /* PRIVATE DEPENDENCIES */
 static cfile config = NULL;
 static const char *r_host = "localhost";  /* remote host (mech_option) */
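Review bot: The new `MIN` macro leaves its parameters unparenthesized, so an argument built from a lower-precedence operator (a bitwise `&` or a conditional expression, for example) would expand to something other than what the caller wrote. `#define MIN(p,q) (((p) <= (q)) ? (p) : (q))` avoids that. The macro also evaluates the selected argument twice, so it is only safe with side-effect-free operands, which holds for the one use later in this patch. The existing `MAX` above has the same shape, so the two are best hardened together.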
@@ -612,11 +616,13 @@ auth_httpform (
         return strdup(RESP_IERROR);
     }
 
+    rc = MIN(rc, RESP_LEN - 1);  /* don't write past rbuf */
+    rbuf[rc] = '\0';             /* make sure str-funcs find null */
+
     if (flags & VERBOSE) {
         syslog(LOG_DEBUG, "auth_httpform: [%s] %s", user, rbuf);
     }
 
-    rbuf[rc] = '\0';             /* make sure str-funcs find null */
     return build_sasl_response(rbuf);
 }
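Review bot: The clamp on `rc` bounds only the upper side, so a negative `rc` would still write before the start of `rbuf` at `rbuf[rc] = '\0'`. The error return just above the hunk presumably rejects that case, but the condition is not visible here because auth_httpform's body starts outside the hunk; if it does not, add `if (rc < 0) return strdup(RESP_IERROR);` ahead of the clamp. The clamp also guards only the terminator index: if `rc` could really exceed `RESP_LEN - 1`, the receive that filled `rbuf` would already have overrun it. A comment such as `/* rc is bounded by the read above; clamp only satisfies static analysis */` would stop the line being read as the actual bounds check. It is also worth confirming that `rbuf` is declared with `RESP_LEN` bytes and that `RESP_LEN` is a signed constant, since an unsigned one would convert `rc` in the comparison.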