From: Kevin McCarthy <kevin@8t8.us>
Date: Sat, 14 Apr 2018 02:03:29 +0000 (-0700)
Subject: Remove trailing null count from gss_buffer_desc.length field.
X-Git-Tag: mutt-1-9-5-rel~2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f52ee2f7f7a06b547507981b977a7cfbc88850a1;p=mutt

Remove trailing null count from gss_buffer_desc.length field.

RFC 2744 section 3.2.2 clearly states that trailing NULL characters
are not to be included in the length field, and are not to be assumed
to be present in the value field.

Thanks to Greg Hudson, who recently debugged this same issue with
fetchmail, and kindly took the time to look at Mutt's code too.
---

diff --git a/imap/auth_gss.c b/imap/auth_gss.c
index 39786c4f..d7a366d2 100644
--- a/imap/auth_gss.c
+++ b/imap/auth_gss.c
@@ -59,7 +59,9 @@ static void print_gss_error(OM_uint32 err_maj, OM_uint32 err_min)
 					       &status_string);
 		if (GSS_ERROR(maj_stat))
 			break;
-		strncpy(buf_maj, (char*) status_string.value, sizeof(buf_maj));
+		strfcpy(buf_maj, (char*) status_string.value, sizeof(buf_maj));
+                if (status_string.length < sizeof(buf_maj))
+                  buf_maj[status_string.length] = '\0';
 		gss_release_buffer(&min_stat, &status_string);
 		
 		maj_stat = gss_display_status (&min_stat,
@@ -70,7 +72,9 @@ static void print_gss_error(OM_uint32 err_maj, OM_uint32 err_min)
 					       &status_string);
 		if (!GSS_ERROR(maj_stat))
 		{
-			strncpy(buf_min, (char*) status_string.value, sizeof(buf_min));
+			strfcpy(buf_min, (char*) status_string.value, sizeof(buf_min));
+                        if (status_string.length < sizeof(buf_min))
+                          buf_min[status_string.length] = '\0';
 			gss_release_buffer(&min_stat, &status_string);
 		}
 	} while (!GSS_ERROR(maj_stat) && msg_ctx != 0);
@@ -105,7 +109,7 @@ imap_auth_res_t imap_auth_gss (IMAP_DATA* idata, const char* method)
   /* get an IMAP service ticket for the server */
   snprintf (buf1, sizeof (buf1), "imap@%s", idata->conn->account.host);
   request_buf.value = buf1;
-  request_buf.length = strlen (buf1) + 1;
+  request_buf.length = strlen (buf1);
   maj_stat = gss_import_name (&min_stat, &request_buf, gss_nt_service_name,
     &target_name);
   if (maj_stat != GSS_S_COMPLETE)
@@ -258,7 +262,7 @@ imap_auth_res_t imap_auth_gss (IMAP_DATA* idata, const char* method)
   /* server decides if principal can log in as user */
   strncpy (buf1 + 4, idata->conn->account.user, sizeof (buf1) - 4);
   request_buf.value = buf1;
-  request_buf.length = 4 + strlen (idata->conn->account.user) + 1;
+  request_buf.length = 4 + strlen (idata->conn->account.user);
   maj_stat = gss_wrap (&min_stat, context, 0, GSS_C_QOP_DEFAULT, &request_buf,
     &cflags, &send_token);
   if (maj_stat != GSS_S_COMPLETE)