From: Greg H. <gh...@mi...> - 2018-04-14 01:45:46
[I was directed to send bug reports here by http://www.fetchmail.info/fetchmail-FAQ.html#G3 ; apologies if that is no longer correct.]

In the last step of GSSAPI SASL authentication, the client sends a wrap token containing the security level (one byte), the buffer size (three bytes), and the authorization name in the remaining bytes. In fetchmail, the construction of the token is at gssapi.c lines 267-280. Lines 271-272 are:

    strlcpy(buf1+4, username, sizeof(buf1) - 4); /* server decides if princ is user */
    request_buf.length = 4 + strlen(username) + 1;

The "+ 1" at the end of the length computation causes a trailing null byte to be included in the authorization name. Although a C server implementation might tolerate the null byte if it adds its own terminator and then treats the result as a C string, Exchange 2013 rejects the authorization name with the extra null byte and is within its rights to do so. Cyrus SASL does not add an extra null byte, and interoperates with Exchange 2013.
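
The token layout described in the report, as an added example that is not part of the original message and is not fetchmail's code: it builds the plaintext of the final client message (one byte security layer, three bytes buffer size, then the authorization name) with and without the trailing null byte, and checks both against a server that takes every byte after the header as the name. RFC 4752 section 3.1 specifies that the authorization identity is not terminated with a zero octet. The function names, the strict-server model and the user name are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not fetchmail's code): writes the plaintext of the
 * final client message, before gss_wrap(), and returns its length or 0 if
 * it does not fit. include_nul=1 reproduces the reported "+ 1". */
size_t build_payload(unsigned char *out, size_t outsz, unsigned char layer,
                     unsigned long max_buf, const char *authzid,
                     int include_nul)
{
    size_t n = strlen(authzid);
    size_t total = 4 + n + (include_nul ? 1 : 0);

    if (total > outsz)
        return 0;
    out[0] = layer;                          /* security layer bit-mask */
    out[1] = (unsigned char)(max_buf >> 16); /* buffer size, 3 bytes,   */
    out[2] = (unsigned char)(max_buf >> 8);  /* network byte order      */
    out[3] = (unsigned char)max_buf;
    memcpy(out + 4, authzid, n);
    if (include_nul)
        out[4 + n] = '\0';                   /* the extra trailing byte */
    return total;
}

/* Constructed model of a strict server: the authorization name is every
 * byte after the 4-byte header and must equal the expected name exactly. */
int strict_server_accepts(const unsigned char *p, size_t len,
                          const char *expected)
{
    size_t n = strlen(expected);
    return len == 4 + n && memcmp(p + 4, expected, n) == 0;
}

/* Builds a message for a constructed user name and returns the verdict. */
int roundtrip(const char *user, int include_nul)
{
    unsigned char buf[256];
    size_t len = build_payload(buf, sizeof buf, 1, 0, user, include_nul);
    return len != 0 && strict_server_accepts(buf, len, user);
}

int main(void)
{
    printf("with trailing NUL:    %s\n", roundtrip("user@example.org", 1) ? "accepted" : "rejected");
    printf("without trailing NUL: %s\n", roundtrip("user@example.org", 0) ? "accepted" : "rejected");
    return 0;
}
```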