cyrus-sasl/cyrus-sasl-2.1.22-digest-commas.patch
Nalin Dahyabhai f9c172ba3a - move sasldb auxprop modules into the -lib subpackage, so that we'll pick
it up for multilib systems
- install config files and init scripts using -p
- pull in patch to build with current automake (#229010, Jacek Konieczny
    and Robert Scheck)
- remove prereq on ldconfig: RPM should pick it up based on the -libs
    scriptlets
- pull in patch to correctly detect gsskrb5_register_acceptor_identity
    (#200892, Mirko Streckenbach)
- pull CVS fix for not tripping over extra commas in digest-md5 challenges
    (#229640)
- drop patches which were needed to keep static builds going
- remove static build, which is no longer a useful option because not all
    of our dependencies are available as static libraries
- drop gssapi-generic patch due to lack of interest
- update the bundled copy of db to 4.5.20 (#229012)
- drop dbconverter-2, as we haven't bundled v1 libraries since FC4
2007-02-26 21:23:11 +00:00

149 lines
3.2 KiB
Diff

Pulled from CVS, Ident strings removed to let the patch apply pretty cleanly.
===================================================================
RCS file: /afs/andrew.cmu.edu/system/cvs/src/sasl/plugins/digestmd5.c,v
retrieving revision 1.183
retrieving revision 1.184
diff -u -r1.183 -r1.184
--- src/sasl/plugins/digestmd5.c 2006/11/27 20:41:55 1.183
+++ src/sasl/plugins/digestmd5.c 2007/02/14 17:16:14 1.184
@@ -556,12 +556,17 @@
return SASL_OK;
}
+static int is_lws_char (char c)
+{
+ return (c == ' ' || c == HT || c == CR || c == LF);
+}
+
static char *skip_lws (char *s)
{
if (!s) return NULL;
/* skipping spaces: */
- while (s[0] == ' ' || s[0] == HT || s[0] == CR || s[0] == LF) {
+ while (is_lws_char(s[0])) {
if (s[0] == '\0') break;
s++;
}
@@ -750,17 +755,30 @@
static void get_pair(char **in, char **name, char **value)
{
char *endpair;
- /* int inQuotes; */
char *curp = *in;
*name = NULL;
*value = NULL;
if (curp == NULL) return;
- if (curp[0] == '\0') return;
-
- /* skipping spaces: */
- curp = skip_lws(curp);
-
+
+ while (curp[0] != '\0') {
+ /* skipping spaces: */
+ curp = skip_lws(curp);
+
+ /* 'LWS "," LWS "," ...' is allowed by the DIGEST-MD5 ABNF */
+ if (curp[0] == ',') {
+ curp++;
+ } else {
+ break;
+ }
+ }
+
+ if (curp[0] == '\0') {
+ /* End of the string is not an error */
+ *name = "";
+ return;
+ }
+
*name = curp;
curp = skip_token(curp,1);
@@ -787,22 +805,24 @@
endpair = unquote (curp);
if (endpair == NULL) { /* Unbalanced quotes */
*name = NULL;
+ *value = NULL;
return;
}
- if (endpair[0] != ',') {
- if (endpair[0]!='\0') {
- *endpair++ = '\0';
- }
+
+ /* An optional LWS is allowed after the value. Skip it. */
+ if (is_lws_char (endpair[0])) {
+ /* Remove the trailing LWS from the value */
+ *endpair++ = '\0';
+ endpair = skip_lws(endpair);
}
-
- endpair = skip_lws(endpair);
-
+
/* syntax check: MUST be '\0' or ',' */
if (endpair[0] == ',') {
endpair[0] = '\0';
endpair++; /* skipping <,> */
} else if (endpair[0] != '\0') {
*name = NULL;
+ *value = NULL;
return;
}
@@ -2090,9 +2110,17 @@
char *name = NULL, *value = NULL;
get_pair(&in, &name, &value);
- if (name == NULL)
- break;
+ if (name == NULL) {
+ SETERROR(sparams->utils,
+ "Parse error");
+ result = SASL_BADAUTH;
+ goto FreeAllMem;
+ }
+ if (*name == '\0') {
+ break;
+ }
+
/* Extracting parameters */
/*
@@ -3222,10 +3250,14 @@
/* if parse error */
if (name == NULL) {
params->utils->seterror(params->utils->conn, 0, "Parse error");
- result = SASL_FAIL;
+ result = SASL_BADAUTH;
goto FreeAllocatedMem;
}
+ if (*name == '\0') {
+ break;
+ }
+
if (strcasecmp(name, "realm") == 0) {
nrealm++;
@@ -3887,9 +3919,14 @@
if (name == NULL) {
params->utils->seterror(params->utils->conn, 0,
"DIGEST-MD5 Received Garbage");
+ result = SASL_BADAUTH;
break;
}
+ if (*name == '\0') {
+ break;
+ }
+
if (strcasecmp(name, "rspauth") == 0) {
if (strcmp(text->response_value, value) != 0) {