
Re: (ITS#5368) s/strncasecmp/ber_bvstrncasecmp/ broke substring check for {CLEARTEXT}



steve.langasek@canonical.com wrote:
> Full_Name: Steve Langasek
> Version: 2.4.7
> OS: Debian
> URL: http://people.ubuntu.com/~vorlon/sasl-cleartext-strncasecmp.patch
> Submission from: (NULL) (2001:4830:1244:0:219:d2ff:fe76:2acb)
>
>
> A regression was introduced in revision 1.239 of servers/slapd/sasl.c.
> Previously, sasl_ap_lookup() would check for a leading string of {CLEARTEXT} and
> trim it from the userPassword value returned to SASL; but in revision 1.239, the
> strncasecmp() was replaced with ber_bvstrcasecmp() which instead looks for an
> exact match of the whole string, causing passwords to be handed back to SASL
> with the leading "{CLEARTEXT}" attached.
>
> The referenced patch is verified to correct this regression.

Thanks, this is now fixed in HEAD.

-- 
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP     http://www.openldap.org/project/
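
The regression described in the report, as an added example that is not part of the original thread and not OpenLDAP's code: a whole-value comparison next to a prefix comparison when trimming a leading "{CLEARTEXT}" scheme tag. The `struct bv` type, the function names and the sample userPassword values are hypothetical stand-ins constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

/* Local stand-in for a length-counted string; not the liblber type. */
struct bv { size_t len; const char *val; };

#define SCHEME "{CLEARTEXT}"
static const struct bv scheme = { sizeof(SCHEME) - 1, SCHEME };
const struct bv sample_tagged = { sizeof("{cleartext}secret") - 1, "{cleartext}secret" };
const struct bv sample_hashed = { sizeof("{SSHA}abcdefgh") - 1, "{SSHA}abcdefgh" };

/* Whole-value comparison: lengths must be equal before bytes are compared. */
static int whole_casecmp(const struct bv *a, const struct bv *b)
{
    if (a->len != b->len)
        return a->len < b->len ? -1 : 1;
    return strncasecmp(a->val, b->val, a->len);
}

/* Regressed behaviour: only a value that is exactly the tag matches. */
struct bv strip_whole_match(struct bv pw)
{
    if (whole_casecmp(&pw, &scheme) == 0) {
        pw.val += scheme.len;
        pw.len -= scheme.len;
    }
    return pw;
}

/* Prefix check: compare the first scheme.len bytes, after a length guard. */
struct bv strip_prefix_match(struct bv pw)
{
    if (pw.len >= scheme.len &&
        strncasecmp(pw.val, scheme.val, scheme.len) == 0) {
        pw.val += scheme.len;
        pw.len -= scheme.len;
    }
    return pw;
}

int main(void)
{
    struct bv a = strip_whole_match(sample_tagged);
    struct bv b = strip_prefix_match(sample_tagged);
    printf("whole-match:  %.*s\n", (int)a.len, a.val);
    printf("prefix-match: %.*s\n", (int)b.len, b.val);
    return 0;
}
```

With the whole-value comparison the tagged password is returned unchanged, tag included, so a SASL mechanism comparing it against the client's secret would see a mismatch.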