diff options
Diffstat (limited to 'net-im/jabberd')
-rw-r--r-- | net-im/jabberd/Makefile | 1 | ||||
-rw-r--r-- | net-im/jabberd/files/patch-sasl | 78 |
2 files changed, 79 insertions, 0 deletions
diff --git a/net-im/jabberd/Makefile b/net-im/jabberd/Makefile index 0e9aee3f2f7e..dd4a308d649d 100644 --- a/net-im/jabberd/Makefile +++ b/net-im/jabberd/Makefile @@ -7,6 +7,7 @@ PORTNAME= jabberd PORTVERSION= 2.1.14 +PORTREVISION= 1 CATEGORIES= net-im MASTER_SITES= http://ftp.xiaoka.com/jabberd2/releases/ DIST_SUBDIR= jabber diff --git a/net-im/jabberd/files/patch-sasl b/net-im/jabberd/files/patch-sasl new file mode 100644 index 000000000000..f89776fccc0b --- /dev/null +++ b/net-im/jabberd/files/patch-sasl @@ -0,0 +1,78 @@ +Index: sx/sasl_cyrus.c +=================================================================== +--- sx/sasl_cyrus.c (revision 349) ++++ sx/sasl_cyrus.c (working copy) +@@ -745,7 +745,7 @@ + /** process handshake packets from the client */ + static void _sx_sasl_client_process(sx_t s, sx_plugin_t p, char *mech, char *in, int inlen) { + _sx_sasl_data_t sd = (_sx_sasl_data_t) s->plugin_data[p->index]; +- char *buf, *out; ++ char *buf = NULL, *out = NULL; + int buflen, outlen, ret; + + /* decode the response */ +@@ -760,8 +760,15 @@ + /* process the data */ + if(mech != NULL) + ret = sasl_server_start(sd->sasl, mech, buf, buflen, (const char **) &out, &outlen); +- else ++ else { ++ if(!sd->sasl) { ++ _sx_debug(ZONE, "response send before auth request enabling mechanism (decoded: %.*s)", buflen, buf); ++ _sx_nad_write(s, _sx_sasl_failure(s, _sasl_err_MECH_TOO_WEAK), 0); ++ if(buf != NULL) free(buf); ++ return; ++ } + ret = sasl_server_step(sd->sasl, buf, buflen, (const char **) &out, &outlen); ++ } + + if(buf != NULL) free(buf); + +Index: sx/sasl_gsasl.c +=================================================================== +--- sx/sasl_gsasl.c (revision 351) ++++ sx/sasl_gsasl.c (working copy) +@@ -349,16 +349,14 @@ + else { + /* decode and process */ + _sx_sasl_decode(in, inlen, &buf, &buflen); +- _sx_debug(ZONE, "response from client (decoded: %.*s)", buflen, buf); +- ret = gsasl_step(sd, buf, buflen, &out, (size_t *) &outlen); +- if(ret != GSASL_OK && ret != GSASL_NEEDS_MORE) { +- _sx_debug(ZONE, "gsasl_step failed, no sasl for this conn; (%d): %s", ret, gsasl_strerror(ret)); +- _sx_nad_write(s, _sx_sasl_failure(s, _sasl_err_MALFORMED_REQUEST), 0); +- if(out != NULL) free(out); ++ if(!sd) { ++ _sx_debug(ZONE, "response send before auth request enabling mechanism (decoded: %.*s)", buflen, buf); ++ _sx_nad_write(s, _sx_sasl_failure(s, _sasl_err_MECH_TOO_WEAK), 0); + if(buf != NULL) free(buf); + return; + } +- ++ _sx_debug(ZONE, "response from client (decoded: %.*s)", buflen, buf); ++ ret = gsasl_step(sd, buf, buflen, &out, (size_t *) &outlen); + } + + if(buf != NULL) free(buf); +Index: sx/sasl_scod.c +=================================================================== +--- sx/sasl_scod.c (revision 349) ++++ sx/sasl_scod.c (working copy) +@@ -258,10 +258,15 @@ + } + + else { +- _sx_debug(ZONE, "response from client"); +- + /* decode and process */ + _sx_sasl_decode(in, inlen, &buf, &buflen); ++ if(!sd) { ++ _sx_debug(ZONE, "response send before auth request enabling mechanism (decoded: %.*s)", buflen, buf); ++ _sx_nad_write(s, _sx_sasl_failure(s, _sasl_err_MECH_TOO_WEAK), 0); ++ if(buf != NULL) free(buf); ++ return; ++ } ++ _sx_debug(ZONE, "response from client (decoded: %.*s)", buflen, buf); + ret = scod_server_step(sd, buf, buflen, &out, &outlen); + } + |