[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bug: RFC2831 noncompliance - "charset=utf-8" in challenge REQUIRES "
|
From: |
Simon Josefsson |
|
Subject: |
Re: Bug: RFC2831 noncompliance - "charset=utf-8" in challenge REQUIRES "charset=utf-8" in response |
|
Date: |
Mon, 05 May 2008 14:11:43 +0200 |
|
User-agent: |
Gnus/5.110009 (No Gnus v0.9) Emacs/22.2 (gnu/linux) |
Pawel Widera <address@hidden> writes:
> On Thu, 24 Apr 2008, Pawel Widera wrote:
>
>> I think that to properly test the solution for this you need to use
>> both username and password being plain ASCII. If one of these is
>> UTF-8 it simply triggers the UTF-8 response and authentication works
>> fine. The problem here is about acepting ASCII response even if
>> server advertised itself as UTF-8
>> capable.
>
> I did some testing and find out that the client plain ASCII response
> is processed correctly. However, there is a small bug in handling
> username preventing client authorisation. I'm attaching the patch.
Hi Pawel. That's obviously the correct patch. Many thanks for tracing
down this problem and providing a patch. I'll make a new release with
it shortly.
Am I correct in assuming that you deployed a version, patched with the
patch below, and that it solves the problem?
Thanks,
Simon
> --
> GnuPG: 0x230F845E
> Jabber: address@hidden gsasl-0.2.26/lib/digest-md5/server.c 2008-04-11
> 10:38:26.000000000 +0100
> +++ local-gsasl-0.2.26/lib/digest-md5/server.c 2008-05-03
> 15:06:35.000000000 +0100
> @@ -229,7 +229,7 @@
> {
> /* Client provided username in ISO-8859-1 form, convert it
> to UTF-8 since the library is all-UTF-8. */
> - char *username = latin1toutf8 (username);
> + char *username = latin1toutf8 (state->response.username);
> if (!username)
> return GSASL_MALLOC_ERROR;
> gsasl_property_set (sctx, GSASL_AUTHID, username);
> _______________________________________________
> Help-gsasl mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/help-gsasl