
Enforce some hard limits on SASL mechanism length.

1 parent dd11bde commit 3705435b522c70aa31cf5636dfa01b33e85629a3 @dustin dustin committed with Trond Norbye Oct 23, 2009
Showing with 16 additions and 3 deletions.
  1. +6 −0 memcached.c
  2. +3 −0 sasl_defs.h
  3. +7 −3 t/binary-sasl.t
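--- a/memcached.c
+++ b/memcached.c
@@ -1526,6 +1526,12 @@ static void process_bin_sasl_auth(conn *c) {
 int nkey = c->binary_header.request.keylen;
 int vlen = c->binary_header.request.bodylen - nkey;
+ if (nkey > MAX_SASL_MECH_LEN) {
+ write_bin_error(c, PROTOCOL_BINARY_RESPONSE_EINVAL, vlen);
+ c->write_and_go = conn_swallow;
+ return;
+ }
+
 char *key = binary_get_key(c);
 assert(key);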
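Review bot: The new guard rejects only a keylen above MAX_SASL_MECH_LEN, but `vlen` on the line before it is already bodylen minus keylen, so a request whose keylen exceeds its bodylen reaches write_bin_error with a negative vlen before the guard helps; the hunk does not show how write_bin_error uses that value, and whether an earlier dispatch check already guarantees bodylen >= keylen is not visible here. Widening the condition to `if (nkey > MAX_SASL_MECH_LEN || nkey > c->binary_header.request.bodylen) {` sends both malformed shapes down the same EINVAL path. A one-line comment above it, `/* reject oversized mechanism names before the key is read or copied anywhere */`, would tie the constant to its purpose. process_bin_sasl_auth continues outside the hunk.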
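--- a/sasl_defs.h
+++ b/sasl_defs.h
@@ -1,6 +1,9 @@
 #ifndef SASL_DEFS_H
 #define SASL_DEFS_H 1
+// Longest one I could find was ``9798-U-RSA-SHA1-ENC''
+#define MAX_SASL_MECH_LEN 32
+
 #if defined(HAVE_SASL_SASL_H) && defined(ENABLE_SASL)
 #include <sasl/sasl.h>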
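Review bot: The comment on MAX_SASL_MECH_LEN justifies the value only by the longest registered name the author happened to find, which does not tell a maintainer whether 32 is a protocol bound or slack. RFC 4422 section 3.1 restricts SASL mechanism names to 1-20 characters, so `// RFC 4422 s3.1: mechanism names are 1-20 chars; 32 leaves headroom (longest seen: 9798-U-RSA-SHA1-ENC)` records the real limit and why the cap is lenient. The macro sits outside the HAVE_SASL/ENABLE_SASL guard; if that is deliberate so the length check in memcached.c compiles unconditionally, a short note saying so would stop someone from moving it inside later.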
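--- a/t/binary-sasl.t
+++ b/t/binary-sasl.t
@@ -12,7 +12,7 @@ my $supports_sasl = supports_sasl();
 use Test::More;
 if (supports_sasl()) {
- plan tests => 19;
+ plan tests => 20;
 } else {
 plan tests => 1;
 eval {
@@ -161,6 +161,9 @@ system("echo testpass | saslpasswd2 -a memcached -c -p testuser");
 $mc = MC::Client->new;
+# Attempt a bad auth mech.
+is ($mc->authenticate('testuser', 'testpass', "X" x 40), 0x4, "bad mech");
+
 # Attempt bad authentication.
 is ($mc->authenticate('testuser', 'wrongpassword'), 0x20, "bad auth");
@@ -221,9 +224,10 @@ sub new {
 }
 sub authenticate {
- my ($self, $user, $pass)= @_;
+ my ($self, $user, $pass, $mech)= @_;
+ $mech ||= 'PLAIN';
 my $buf = sprintf("%c%s%c%s", 0, $user, 0, $pass);
- my ($status, $rv, undef) = $self->_do_command(::CMD_SASL_AUTH, "PLAIN", $buf, '');
+ my ($status, $rv, undef) = $self->_do_command(::CMD_SASL_AUTH, $mech, $buf, '');
 return $status;
 }
 sub list_mechs {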
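Review bot: The new assertion in the second hunk only exercises a 40-character mechanism, so nothing pins the boundary and a later change from `>` to `>=` in the server-side check would go unnoticed. A companion check at exactly the limit, e.g. `isnt ($mc->authenticate('testuser', 'testpass', "X" x 32), 0x4, "mech at limit is not rejected for length");`, would catch that, assuming the server reports an unknown mechanism with a status other than 0x4 (not visible here), and the hard-coded `plan tests => 20` in the first hunk would then need to become 21. The expected status `0x4` is a magic number next to the named `::CMD_SASL_AUTH`; a constant alongside the existing command constants (e.g. `RESP_EINVAL`, a name to pick to match the file's conventions) would make the expectation readable. In the third hunk `$mech ||= 'PLAIN';` works, but `$mech //= 'PLAIN';` states the intent (undef means default) more precisely if the test already targets 5.10 or later.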
