Re: Bug: RFC2831 noncompliance - "charset=utf-8" in challenge REQUIRES "

From: Simon Josefsson
Subject: Re: Bug: RFC2831 noncompliance - "charset=utf-8" in challenge REQUIRES "charset=utf-8" in response
Date: Tue, 25 Mar 2008 23:39:28 +0100
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux)

Thanks for forwarding this.  I've identified the cause:

digest_md5_validate (digest_md5_challenge * c, digest_md5_response * r)
  if (c->utf8 != r->utf8)
    return -1;

Thus, if the server and client have different charset=utf8 values, the
authentication is refused.

The code needs to permit the case where the client did not send
charset=utf8; however, in this case it needs to upgrade the string from
ISO-8859-1 to UTF-8 because GNU SASL is a strict UTF-8 library.

I'll see if I can produce a patch shortly.


marty <address@hidden> writes:

> This bug was encountered using
>    jabberd2 2.1.23 w/ GSASL 0.2.25
>    Pidgin 2.4.0 (Cyrus-based SASL)
> In summary, the issue is that jabberd2 (as a consequence of gsasl)
> indicates support for "charset=utf-8" in the challenge, and then
> consequently _requires_ that the response contain a "charset=utf-8"
> directive.  This expectation is contrary to the RFC, which only states
> that the "charset=utf-8" directive in the challenge indicates server
> support for _optional_ utf-8 encoding of the response.
> For details, please refer to the following:
> (bug against jabberd2)
> (original bug against Pidgin)
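
Added example, not part of the original message and not GNU SASL's code: a sketch of the relaxed check described above, which accepts a response without charset=utf-8 and upgrades the ISO-8859-1 username to UTF-8. The struct and function names are hypothetical, and refusing a response that claims utf-8 when the challenge did not offer it is this example's assumption.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the charset flags of the parsed challenge
   and response; these are not the GNU SASL structures. */
struct challenge { int utf8; };
struct response  { int utf8; };

/* 0 if the charset combination is acceptable, -1 otherwise.  Unlike the
   strict equality test, a response that omits charset=utf-8 is accepted
   even when the challenge offered it. */
int charset_ok(const struct challenge *c, const struct response *r)
{
  if (r->utf8 && !c->utf8)   /* client claims utf-8 the server never offered */
    return -1;
  return 0;
}

/* Convert an ISO-8859-1 string to a newly allocated UTF-8 string.
   Latin-1 bytes map to U+0000..U+00FF, so each byte >= 0x80 becomes
   exactly two UTF-8 bytes.  Returns NULL on allocation failure. */
char *latin1_to_utf8(const char *in)
{
  unsigned char *out = malloc(2 * strlen(in) + 1);
  unsigned char *p = out;
  if (!out)
    return NULL;
  for (; *in; in++) {
    unsigned char ch = (unsigned char) *in;
    if (ch < 0x80) {
      *p++ = ch;
    } else {
      *p++ = (unsigned char) (0xC0 | (ch >> 6));
      *p++ = (unsigned char) (0x80 | (ch & 0x3F));
    }
  }
  *p = '\0';
  return (char *) out;
}

/* Return the username as UTF-8 (caller frees), or NULL if refused. */
char *normalize_username(const struct challenge *c,
                         const struct response *r, const char *username)
{
  char *copy;
  if (charset_ok(c, r) < 0)
    return NULL;
  if (!r->utf8)              /* no charset directive: input is ISO-8859-1 */
    return latin1_to_utf8(username);
  copy = malloc(strlen(username) + 1);
  return copy ? strcpy(copy, username) : NULL;
}
```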
