diff options
| author | Matthias Andree <matthias.andree@gmx.de> | 2018-04-14 20:38:02 +0200 |
|---|---|---|
| committer | Matthias Andree <matthias.andree@gmx.de> | 2018-04-14 20:38:02 +0200 |
| commit | 07f01ce3e566e0c7fd4fa859d759dd70140dcf4e (patch) | |
| tree | e8f452904144604d6aa660862a2c754b03a62647 | |
| parent | a9b253b3aa0a34696d24b2d85129d8a1f613b483 (diff) | |
| download | fetchmail-07f01ce3e566e0c7fd4fa859d759dd70140dcf4e.tar.gz fetchmail-07f01ce3e566e0c7fd4fa859d759dd70140dcf4e.tar.bz2 fetchmail-07f01ce3e566e0c7fd4fa859d759dd70140dcf4e.zip | |
GSSAPI: Do not add gratuitious NUL byte to username.
Greg Hudson reported this broke Exchange 2013 authentication.
| -rw-r--r-- | NEWS | 3 | ||||
| -rw-r--r-- | gssapi.c | 2 |
2 files changed, 4 insertions, 1 deletions
@@ -124,6 +124,9 @@ fetchmail-6.4.0 (not yet released): or that #define OPENSSL_NO_SSL3 inside #include <openssl/ssl.h> Related to Debian Bug#775255. Fixes Debian Bug #804604. * Version report lists -SSLv3 on SSL-enabled no-ssl3 builds. +* Fetchmail no longer adds a NUL byte to the username in GSSAPI authentication. + This was reported to break Kerberos-based authentication with Microsoft + Exchange 2013 by Greg Hudson. # KNOWN BUGS AND WORKAROUNDS (This section floats upwards through the NEWS file so it stays with the @@ -269,7 +269,7 @@ cancelfail: memcpy(buf1, &buf_size, 4); buf1[0] = GSSAUTH_P_NONE; strlcpy(buf1+4, username, sizeof(buf1) - 4); /* server decides if princ is user */ - request_buf.length = 4 + strlen(username) + 1; + request_buf.length = 4 + strlen(username); request_buf.value = buf1; maj_stat = gss_wrap(&min_stat, context, 0, GSS_C_QOP_DEFAULT, &request_buf, &cflags, &send_token); |