Menu
▾
▴
Re: [Fetchmail-users] GSSAPI SASL auth code adds trailing null byte to authorization name
|
From: Matthias A. <mat...@gm...> - 2018-04-14 18:52:11
|
Am 14.04.2018 um 03:45 schrieb Greg Hudson: > [I was directed to send bug reports here by > http://www.fetchmail.info/fetchmail-FAQ.html#G3 ; apologies if that is > no longer correct.] > > In the last step of GSSAPI SASL authentication, the client sends a wrap > token containing the security level (one byte), the buffer size (three > bytes), and the authorization name in the remaining bytes. In > fetchmail, the construction of the token is at gssapi.c lines 267-280. > Lines 271-272 are: > > strlcpy(buf1+4, username, sizeof(buf1) - 4); /* server decides if > princ is user */ > request_buf.length = 4 + strlen(username) + 1; > > The "+ 1" at the end of the length computation causes a trailing null > byte to be included in the authorization name. Although a C server > implementation might tolerate the null byte if it adds its own > terminator and then treats the result as a C string, Exchange 2013 > rejects the authorization name with the extra null byte and is within > its rights to do so. Cyrus SASL does not add an extra null byte, and > interoperates with Exchange 2013. Hi Greg, the reporting address is more or less correct, and the list has relayed your message and added it to its archives mbox, but it's indeed not shown in its archives. I have filed a (private, because it shows mail headers) ticket with the sourceforge.net site support, and this has been repaired by sf.net ops, the message has appeared: https://sourceforge.net/p/fetchmail/mailman/message/36290701/ I can confirm the two bugs that you are reporting (including the second you have reported in private), and have fixed them in Git. Please pull the "legacy_64" branch from either Gitlab or Sourceforge and see if they fix the issues for you - in which case I should forward-merge them onto the master branch as well. Repository viewers and clone URLs at: * https://gitlab.com/fetchmail/fetchmail * https://sourceforge.net/p/fetchmail/git/ci/legacy_64/tree/ Thanks for taking the time to analyse and report this! Best regards, Matthias |
