From: Kevin McCarthy <kevin@8t8.us>
Date: Sat, 14 Apr 2018 02:03:29 +0000 (-0700)
Subject: Remove trailing null count from gss_buffer_desc.length field.
X-Git-Tag: neomutt-20180512~52
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=119b00cf35187cf65cc6375c49e4daadc34a6ff0;p=neomutt

Remove trailing null count from gss_buffer_desc.length field.

RFC 2744 section 3.2.2 clearly states that trailing NULL characters
are not to be included in the length field, and are not to be assumed
to be present in the value field.

Thanks to Greg Hudson, who recently debugged this same issue with
fetchmail, and kindly took the time to look at Mutt's code too.
---

diff --git a/imap/auth_gss.c b/imap/auth_gss.c
index 1035d2f21..f55afbe89 100644
--- a/imap/auth_gss.c
+++ b/imap/auth_gss.c
@@ -75,6 +75,8 @@ static void print_gss_error(OM_uint32 err_maj, OM_uint32 err_min)
     if (GSS_ERROR(maj_stat))
       break;
     mutt_str_strfcpy(buf_maj, (char *) status_string.value, sizeof(buf_maj));
+    if (status_string.length < sizeof(buf_maj))
+      buf_maj[status_string.length] = '\0';
     gss_release_buffer(&min_stat, &status_string);
 
     maj_stat = gss_display_status(&min_stat, err_min, GSS_C_MECH_CODE,
@@ -82,6 +84,8 @@ static void print_gss_error(OM_uint32 err_maj, OM_uint32 err_min)
     if (!GSS_ERROR(maj_stat))
     {
       mutt_str_strfcpy(buf_min, (char *) status_string.value, sizeof(buf_min));
+      if (status_string.length < sizeof(buf_min))
+        buf_min[status_string.length] = '\0';
       gss_release_buffer(&min_stat, &status_string);
     }
   } while (!GSS_ERROR(maj_stat) && msg_ctx != 0);
@@ -119,7 +123,7 @@ enum ImapAuthRes imap_auth_gss(struct ImapData *idata, const char *method)
   /* get an IMAP service ticket for the server */
   snprintf(buf1, sizeof(buf1), "imap@%s", idata->conn->account.host);
   request_buf.value = buf1;
-  request_buf.length = strlen(buf1) + 1;
+  request_buf.length = strlen(buf1);
   maj_stat = gss_import_name(&min_stat, &request_buf, gss_nt_service_name, &target_name);
   if (maj_stat != GSS_S_COMPLETE)
   {
@@ -262,7 +266,7 @@ enum ImapAuthRes imap_auth_gss(struct ImapData *idata, const char *method)
   /* server decides if principal can log in as user */
   strncpy(buf1 + 4, idata->conn->account.user, sizeof(buf1) - 4);
   request_buf.value = buf1;
-  request_buf.length = 4 + strlen(idata->conn->account.user) + 1;
+  request_buf.length = 4 + strlen(idata->conn->account.user);
   maj_stat = gss_wrap(&min_stat, context, 0, GSS_C_QOP_DEFAULT, &request_buf,
                       &cflags, &send_token);
   if (maj_stat != GSS_S_COMPLETE)