Posted to commits@subversion.apache.org by ko...@apache.org on 2016/04/21 10:50:56 UTC

svn commit: r1740254 - /subversion/trunk/subversion/svnserve/cyrus_auth.c

Author: kotkov
Date: Thu Apr 21 08:50:56 2016
New Revision: 1740254

URL: http://svn.apache.org/viewvc?rev=1740254&view=rev
Log:
svnserve: Reject invalid usernames when SASL is being used.

* subversion/svnserve/cyrus_auth.c
  (canonicalize_username): Extend the sanity checks.

Modified:
    subversion/trunk/subversion/svnserve/cyrus_auth.c

Modified: subversion/trunk/subversion/svnserve/cyrus_auth.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/svnserve/cyrus_auth.c?rev=1740254&r1=1740253&r2=1740254&view=diff
==============================================================================
--- subversion/trunk/subversion/svnserve/cyrus_auth.c (original)
+++ subversion/trunk/subversion/svnserve/cyrus_auth.c Thu Apr 21 08:50:56 2016
@@ -74,6 +74,8 @@ static int canonicalize_username(sasl_co
     {
       /* The only valid realm is user_realm (i.e. the repository's realm).
          If the user gave us another realm, complain. */
+      if (realm_len != inlen-(pos-in+1))
+        return SASL_BADPROT;
       if (strncmp(pos+1, user_realm, inlen-(pos-in+1)) != 0)
         return SASL_BADPROT;
     }
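Review bot: the new check `if (realm_len != inlen-(pos-in+1))` has no comment saying why it is needed, and the existing comment above it only describes the realm comparison. The `strncmp` that follows is bounded by the length of the realm the client supplied, so on its own it accepts any prefix of `user_realm`, including a zero-length one; saying so in the comment would keep the length check from being removed later as redundant. The expression `inlen-(pos-in+1)` now appears twice in adjacent conditions; computing it once into a local would make both comparisons easier to read and make the types on each side of `!=` explicit. The declaration of `realm_len` is outside the visible lines, so it is worth confirming that it holds the length of `user_realm` and is set on every path that reaches this block.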