From 119b00cf35187cf65cc6375c49e4daadc34a6ff0 Mon Sep 17 00:00:00 2001
From: Kevin McCarthy <kevin@8t8.us>
Date: Fri, 13 Apr 2018 19:03:29 -0700
Subject: [PATCH] Remove trailing null count from gss_buffer_desc.length field.

RFC 2744 section 3.2.2 clearly states that trailing NULL characters are not to be included in the length field, and are not to be assumed to be present in the value field.

Thanks to Greg Hudson, who recently debugged this same issue with fetchmail, and kindly took the time to look at Mutt's code too.
---
 imap/auth_gss.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/imap/auth_gss.c b/imap/auth_gss.c
index 1035d2f21..f55afbe89 100644
--- a/imap/auth_gss.c
+++ b/imap/auth_gss.c
@@ -75,6 +75,8 @@ static void print_gss_error(OM_uint32 err_maj, OM_uint32 err_min)
 if (GSS_ERROR(maj_stat))
 break;
 mutt_str_strfcpy(buf_maj, (char *) status_string.value, sizeof(buf_maj));
+ if (status_string.length < sizeof(buf_maj))
+ buf_maj[status_string.length] = '\0';
 gss_release_buffer(&min_stat, &status_string);
 
 maj_stat = gss_display_status(&min_stat, err_min, GSS_C_MECH_CODE,
@@ -82,6 +84,8 @@ static void print_gss_error(OM_uint32 err_maj, OM_uint32 err_min)
 if (!GSS_ERROR(maj_stat))
 {
 mutt_str_strfcpy(buf_min, (char *) status_string.value, sizeof(buf_min));
+ if (status_string.length < sizeof(buf_min))
+ buf_min[status_string.length] = '\0';
 gss_release_buffer(&min_stat, &status_string);
 }
 } while (!GSS_ERROR(maj_stat) && msg_ctx != 0);
@@ -119,7 +123,7 @@ enum ImapAuthRes imap_auth_gss(struct ImapData *idata, const char *method)
 /* get an IMAP service ticket for the server */
 snprintf(buf1, sizeof(buf1), "imap@%s", idata->conn->account.host);
 request_buf.value = buf1;
- request_buf.length = strlen(buf1) + 1;
+ request_buf.length = strlen(buf1);
 maj_stat = gss_import_name(&min_stat, &request_buf, gss_nt_service_name, &target_name);
 if (maj_stat != GSS_S_COMPLETE)
 {
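Review bot: The added truncation still leaves `mutt_str_strfcpy` reading `status_string.value` as a NUL-terminated string, which RFC 2744 3.2.2 (the section the commit message cites) says it need not be; a mechanism that returns exactly `length` bytes with no terminator lets the copy run past the buffer before the new `buf_maj[status_string.length] = '\0';` executes. Copying by length rather than by terminator removes the over-read entirely: `size_t n = status_string.length < sizeof(buf_maj) - 1 ? status_string.length : sizeof(buf_maj) - 1;` `memcpy(buf_maj, status_string.value, n);` `buf_maj[n] = '\0';`. The second hunk's `buf_min` copy has the same shape and would take the same change. print_gss_error's body begins before this hunk and continues after it.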
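Review bot: The corrected `request_buf.length = strlen(buf1);` carries no hint of why the `+ 1` was wrong, and the same slip occurred twice in this file, so a one-line comment would protect the next reader from reintroducing it: `/* RFC 2744 3.2.2: length counts only the bytes of value, never a trailing NUL */`. The same comment fits the `gss_wrap` request in the last hunk. imap_auth_gss starts before this hunk and continues past it.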
@@ -262,7 +266,7 @@ enum ImapAuthRes imap_auth_gss(struct ImapData *idata, const char *method)
 /* server decides if principal can log in as user */
 strncpy(buf1 + 4, idata->conn->account.user, sizeof(buf1) - 4);
 request_buf.value = buf1;
- request_buf.length = 4 + strlen(idata->conn->account.user) + 1;
+ request_buf.length = 4 + strlen(idata->conn->account.user);
 maj_stat = gss_wrap(&min_stat, context, 0, GSS_C_QOP_DEFAULT, &request_buf, &cflags, &send_token);
 if (maj_stat != GSS_S_COMPLETE)
-- 
2.40.0
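Review bot: `request_buf.length` is now derived from `strlen(idata->conn->account.user)` while the preceding `strncpy` stores at most `sizeof(buf1) - 4` bytes of that name, so a user name longer than the remaining space makes the length exceed what is actually in `buf1` and `gss_wrap` reads past the end of the array (the old `+ 1` made it one byte worse, but the mismatch survives the commit). The length should describe the bytes really present, e.g. `request_buf.length = 4 + strnlen(buf1 + 4, sizeof(buf1) - 4);`, or better, an over-long user name should be rejected before the copy through the function's existing failure path, since `strncpy` also leaves no terminator in that case. Whether a caller already bounds the user name is not visible here. imap_auth_gss starts before this hunk and continues past it; the hunk header's line count also suggests the `gss_wrap` call spans two lines in the original.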