gsasl_client_suggest_mechanism() prefix matching

help-gsasl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

gsasl_client_suggest_mechanism() prefix matching

From:	Kevin J. McCarthy
Subject:	gsasl_client_suggest_mechanism() prefix matching
Date:	Thu, 23 Dec 2021 15:49:34 -0800
User-agent:	Mutt/2.1.4+97 (68caf914) (2021-12-23)

I was looking at how gsasl_client_suggest_mechanism() worked, andnoticed it seems to accept prefixes matches inside the mechlistparameter.


It grabs a valid mechanism using strspn():
  len = strspn (mechlist + i, GSASL_VALID_MECHANISM_CHARACTERS);
and then further below checks:
  if (strncmp (ctx->client_mechs[j].name, mechlist + i, len) == 0)

But this would seem to allow a substring prefix to suggest thatmechanism. If that wasn't intended, would it be worth adding anothercheck, something like:

  if ((strlen (ctx->client_mechs[j].name) == len) &&
      (strncmp (ctx->client_mechs[j].name, mechlist + i, len) == 0))

Thank you!

-Kevin

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

gsasl_client_suggest_mechanism() prefix matching, Kevin J. McCarthy <=

Prev by Date: Re: Using gsasl_encode/decode()
Previous by thread: Using gsasl_encode/decode()
Index(es):
- Date
- Thread