This is an automated email from the ASF dual-hosted git repository. astitcher pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/qpid-proton.git
commit 7ba9ef7d446a6f3d6fcce12e854d09b4bd672db9 Author: Andrew Stitcher <astitc...@apache.org> AuthorDate: Wed Oct 27 17:56:57 2021 -0400 PROTON-2443: Workaround bug in cyrus sasl EXTERNAL mechanism The mechanism plugin assumes that the initial iresponse data is zero terminated. But this is not required by the protocol or by the API used by cyrus sasl. --- c/src/sasl/cyrus_sasl.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/c/src/sasl/cyrus_sasl.c b/c/src/sasl/cyrus_sasl.c index 6b34eaa..62d3427 100644 --- a/c/src/sasl/cyrus_sasl.c +++ b/c/src/sasl/cyrus_sasl.c @@ -180,7 +180,7 @@ static int pni_authorize(sasl_conn_t *conn, const char *def_realm, unsigned urlen, struct propctx *propctx) { - PN_LOG_DEFAULT(PN_SUBSYSTEM_SASL, PN_LEVEL_TRACE, "Authorized: userid=%*s by authuser=%*s @ %*s", + PN_LOG_DEFAULT(PN_SUBSYSTEM_SASL, PN_LEVEL_TRACE, "Authorized: userid=%.*s by authuser=%.*s @ %.*s", rlen, requested_user, alen, auth_identity, urlen, def_realm); @@ -468,21 +468,37 @@ static int pni_wrap_server_start(pn_transport_t *transport, const char *mech_sel sasl_conn_t *cyrus_conn = (sasl_conn_t*)pnx_sasl_get_context(transport); const char *in_bytes = in->start; size_t in_size = in->size; + char buffer[128]; // scratch buffer for zero termination + char *to_free = NULL; // Interop hack for ANONYMOUS - some of the earlier versions of proton will send and no data // with an anonymous init because it is optional. It seems that Cyrus wants an empty string here // or it will challenge, which the earlier implementation is not prepared for. // However we can't just always use an empty string as the CRAM-MD5 mech won't allow any data in the server start + // Also the EXTERNAL mech has a bug that ignores the size of the initial response string and expects it to be zero + // terminated, so make sure it is! if (!in_bytes && strcmp(mech_selected, "ANONYMOUS")==0) { in_bytes = ""; in_size = 0; } else if (in_bytes && strcmp(mech_selected, "CRAM-MD5")==0) { in_bytes = 0; in_size = 0; + } else if (in_size && strcmp(mech_selected, "EXTERNAL")==0) { + char *b = buffer; + if (in_size>=128) { + to_free = malloc(in_size+1); + b = to_free; + } + if (b) { + memcpy(b, in_bytes, in_size); + b[in_size] = 0; + in_bytes = b; + } } result = sasl_server_start(cyrus_conn, mech_selected, in_bytes, in_size, &out, &outlen); + free(to_free); pnx_sasl_set_bytes_out(transport, pn_bytes(outlen, out)); return result; --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org For additional commands, e-mail: commits-h...@qpid.apache.org