Tree - rpms/cyrus-sasl - CentOS Git server

Blob History Raw

		bfd35c	`From 7739268e775e6ed91509727b014cc1d367ad386d Mon Sep 17 00:00:00 2001`
		bfd35c	`From: Alexey Melnikov <alexey.melnikov@isode.com>`
		bfd35c	`Date: Sun, 30 Mar 2014 15:13:34 +0100`
		bfd35c	`Subject: When processing a list of mechanism names, we shouldn't allow a short`
		bfd35c	`prefix match the whole mechanism name`
		bfd35c
		bfd35c	`"A", "AN", etc where matching "ANONYMOUS". This patch fixes that.`
		bfd35c
		bfd35c	`As reported by plautrba@redhat.com`
		bfd35c
		bfd35c	`diff --git a/lib/common.c b/lib/common.c`
		bfd35c	`index e0f59eb..672fe2f 100644`
		bfd35c	`--- a/lib/common.c`
		bfd35c	`+++ b/lib/common.c`
		bfd35c	`@@ -2428,6 +2428,11 @@ int _sasl_is_equal_mech(const char *req_mech,`
		bfd35c	`*plus = 0;`
		bfd35c	`}`
		bfd35c
		bfd35c	`+ if (n < strlen(plug_mech)) {`
		bfd35c	`+ /* Don't allow arbitrary prefix match */`
		bfd35c	`+ return 0;`
		bfd35c	`+ }`
		bfd35c	`+`
		bfd35c	`return (strncasecmp(req_mech, plug_mech, n) == 0);`
		bfd35c	`}`
		bfd35c
		bfd35c	`--`
		bfd35c	`cgit v0.10.2`
		bfd35c