Infinite loop in saslauthd/auth_rimap.c (qstring function)
Andreas Lind Petersen
andreas at one.com
Thu Jan 10 11:07:21 UTC 2008
Dear maintainer(s) of cyrus-sasl,
I've found a pretty serious bug in the rimap authentication module's
qstring function (cyrus-sasl-2.1.22).
The algorithm for counting the number of doublequotes in a string
doesn't increment the pointer returned by strchr when a doublequote has
been found, leading to an infinite loop whenever the string contains at
least one doublequote character. Here's a quick patch that resolves the
issue:
*** saslauthd/auth_rimap.c 2006-04-06 22:19:54.000000000 +0200
--- saslauthd/auth_rimap.c.fixed 2008-01-10 11:59:29.329344000 +0100
***************
*** 163,168 ****
--- 163,169 ----
p1 = s;
while ((p1 = strchr(p1, '"')) != NULL) {
num_quotes++;
+ p1++;
}
Best regards,
Andreas Lind Petersen
More information about the Pkg-cyrus-sasl2-debian-devel
mailing list