CVS gsasl/lib/anonymous
From: gsasl-commit
Subject: CVS gsasl/lib/anonymous
Date: Sun, 02 Jan 2005 00:35:48 +0100
Update of /home/cvs/gsasl/lib/anonymous
In directory dopio:/tmp/cvs-serv25846
Modified Files:
server.c
Log Message:
Validate upper token length as well.
--- /home/cvs/gsasl/lib/anonymous/server.c 2005/01/01 23:29:46 1.10
+++ /home/cvs/gsasl/lib/anonymous/server.c 2005/01/01 23:35:47 1.11
@@ -36,9 +36,12 @@
*output = NULL;
*output_len = 0;
- /* token = 1*255TCHAR */
- if (input_len == 0)
- return GSASL_NEEDS_MORE;
+ /* token = 1*255TCHAR
+ The <token> production is restricted to 255 UTF-8 encoded Unicode
+ characters. As the encoding of a characters uses a sequence of 1
+ to 4 octets, a token may be long as 1020 octets. */
+ if (input && (input_len == 0 || input_len > 1020))
+ return GSASL_MECHANISM_PARSE_ERROR;
/* FIXME: Validate that input is UTF-8. */
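Review bot: The `input &&` guard in `if (input && (input_len == 0 || input_len > 1020))` means a NULL `input` now skips both length checks and falls through to the code below, whereas the removed lines returned GSASL_NEEDS_MORE whenever `input_len == 0`. If NULL is how the caller signals "no client data yet", handle that case explicitly before this test (for example by returning GSASL_NEEDS_MORE) so that a NULL pointer can never reach code that reads the token. Note also that an empty non-NULL token changes from GSASL_NEEDS_MORE to GSASL_MECHANISM_PARSE_ERROR, which the log message does not mention. The 1020 limit bounds octets only: a token of 1020 single-octet characters passes this check while exceeding the 255-character limit the comment states, so the character count should be enforced together with the UTF-8 validation the FIXME refers to. Minor: the new comment has typos ("a characters", "may be long as").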