From 07f01ce3e566e0c7fd4fa859d759dd70140dcf4e Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Sat, 14 Apr 2018 20:38:02 +0200
Subject: GSSAPI: Do not add gratuitious NUL byte to username.

Greg Hudson reported this broke Exchange 2013 authentication.
---
 NEWS     | 3 +++
 gssapi.c | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 85fa1f29..a9ef33b6 100644
--- a/NEWS
+++ b/NEWS
@@ -124,6 +124,9 @@ fetchmail-6.4.0 (not yet released):
   or that #define OPENSSL_NO_SSL3 inside #include <openssl/ssl.h>
   Related to Debian Bug#775255. Fixes Debian Bug #804604.
 * Version report lists -SSLv3 on SSL-enabled no-ssl3 builds.
+* Fetchmail no longer adds a NUL byte to the username in GSSAPI authentication.
+  This was reported to break Kerberos-based authentication with Microsoft
+  Exchange 2013 by Greg Hudson.
 
 # KNOWN BUGS AND WORKAROUNDS
   (This section floats upwards through the NEWS file so it stays with the
diff --git a/gssapi.c b/gssapi.c
index c2c7d94f..31247e3b 100644
--- a/gssapi.c
+++ b/gssapi.c
@@ -269,7 +269,7 @@ cancelfail:
     memcpy(buf1, &buf_size, 4);
     buf1[0] = GSSAUTH_P_NONE;
     strlcpy(buf1+4, username, sizeof(buf1) - 4); /* server decides if princ is user */
-    request_buf.length = 4 + strlen(username) + 1;
+    request_buf.length = 4 + strlen(username);
     request_buf.value = buf1;
     maj_stat = gss_wrap(&min_stat, context, 0, GSS_C_QOP_DEFAULT, &request_buf,
         &cflags, &send_token);
-- 
cgit v1.2.3