
(ITS#5368) s/strncasecmp/ber_bvstrncasecmp/ broke substring check for {CLEARTEXT}

Full_Name: Steve Langasek
Version: 2.4.7
OS: Debian
URL: http://people.ubuntu.com/~vorlon/sasl-cleartext-strncasecmp.patch
Submission from: (NULL) (2001:4830:1244:0:219:d2ff:fe76:2acb)

A regression was introduced in revision 1.239 of servers/slapd/sasl.c.  
Previously, sasl_ap_lookup() would check for a leading string of {CLEARTEXT} and
trim it from the userPassword value returned to SASL; but in revision 1.239, the
strncasecmp() was replaced with ber_bvstrcasecmp() which instead looks for an
exact match of the whole string, causing passwords to be handed back to SASL
with the leading "{CLEARTEXT}" attached.

The referenced patch is verified to correct this regression.
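
The difference between a prefix comparison and a whole-value comparison on a length-counted string, as an added example; this is not the code from servers/slapd/sasl.c or from the referenced patch. `struct bv` and all function names are hypothetical stand-ins, and the sample password values are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Length-counted string; hypothetical stand-in for slapd's struct berval. */
struct bv { size_t len; const char *val; };

static const struct bv scheme = { 11, "{CLEARTEXT}" };

static struct bv bv_of(const char *s) { struct bv v = { strlen(s), s }; return v; }

/* Whole-value, case-insensitive equality: the lengths must match too. */
static int bv_equal_nocase(struct bv a, struct bv b)
{
    return a.len == b.len && strncasecmp(a.val, b.val, a.len) == 0;
}

/* Prefix test: only the first p.len bytes of v are compared. */
static int bv_has_prefix_nocase(struct bv v, struct bv p)
{
    return v.len >= p.len && strncasecmp(v.val, p.val, p.len) == 0;
}

/* Regressed behaviour: strips only when the value is exactly "{CLEARTEXT}". */
static struct bv strip_whole_match(struct bv pw)
{
    if (bv_equal_nocase(pw, scheme)) { pw.val += scheme.len; pw.len -= scheme.len; }
    return pw;
}

/* Intended behaviour: strips a leading "{CLEARTEXT}" from any value. */
static struct bv strip_prefix_match(struct bv pw)
{
    if (bv_has_prefix_nocase(pw, scheme)) { pw.val += scheme.len; pw.len -= scheme.len; }
    return pw;
}

/* Helper for checking results against a C string. */
static int bv_is(struct bv v, const char *s)
{
    return v.len == strlen(s) && memcmp(v.val, s, v.len) == 0;
}

int main(void)
{
    struct bv in = bv_of("{CLEARTEXT}secret");   /* constructed sample value */
    struct bv a = strip_whole_match(in), b = strip_prefix_match(in);
    printf("whole-match:  %.*s\n", (int)a.len, a.val);
    printf("prefix-match: %.*s\n", (int)b.len, b.val);
    return 0;
}
```

A regression test for this class of bug needs at least one value that is longer than the scheme tag, since the two comparisons agree on the bare tag itself.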