aboutsummaryrefslogtreecommitdiffstats
path: root/net-im/jabberd
diff options
context:
space:
mode:
Diffstat (limited to 'net-im/jabberd')
-rw-r--r--net-im/jabberd/Makefile1
-rw-r--r--net-im/jabberd/files/patch-sasl78
2 files changed, 79 insertions, 0 deletions
diff --git a/net-im/jabberd/Makefile b/net-im/jabberd/Makefile
index 0e9aee3f2f7e..dd4a308d649d 100644
--- a/net-im/jabberd/Makefile
+++ b/net-im/jabberd/Makefile
@@ -7,6 +7,7 @@
PORTNAME= jabberd
PORTVERSION= 2.1.14
+PORTREVISION= 1
CATEGORIES= net-im
MASTER_SITES= http://ftp.xiaoka.com/jabberd2/releases/
DIST_SUBDIR= jabber
diff --git a/net-im/jabberd/files/patch-sasl b/net-im/jabberd/files/patch-sasl
new file mode 100644
index 000000000000..f89776fccc0b
--- /dev/null
+++ b/net-im/jabberd/files/patch-sasl
@@ -0,0 +1,78 @@
+Index: sx/sasl_cyrus.c
+===================================================================
+--- sx/sasl_cyrus.c (revision 349)
++++ sx/sasl_cyrus.c (working copy)
+@@ -745,7 +745,7 @@
+ /** process handshake packets from the client */
+ static void _sx_sasl_client_process(sx_t s, sx_plugin_t p, char *mech, char *in, int inlen) {
+ _sx_sasl_data_t sd = (_sx_sasl_data_t) s->plugin_data[p->index];
+- char *buf, *out;
++ char *buf = NULL, *out = NULL;
+ int buflen, outlen, ret;
+
+ /* decode the response */
+@@ -760,8 +760,15 @@
+ /* process the data */
+ if(mech != NULL)
+ ret = sasl_server_start(sd->sasl, mech, buf, buflen, (const char **) &out, &outlen);
+- else
++ else {
++ if(!sd->sasl) {
++ _sx_debug(ZONE, "response send before auth request enabling mechanism (decoded: %.*s)", buflen, buf);
++ _sx_nad_write(s, _sx_sasl_failure(s, _sasl_err_MECH_TOO_WEAK), 0);
++ if(buf != NULL) free(buf);
++ return;
++ }
+ ret = sasl_server_step(sd->sasl, buf, buflen, (const char **) &out, &outlen);
++ }
+
+ if(buf != NULL) free(buf);
+
+Index: sx/sasl_gsasl.c
+===================================================================
+--- sx/sasl_gsasl.c (revision 351)
++++ sx/sasl_gsasl.c (working copy)
+@@ -349,16 +349,14 @@
+ else {
+ /* decode and process */
+ _sx_sasl_decode(in, inlen, &buf, &buflen);
+- _sx_debug(ZONE, "response from client (decoded: %.*s)", buflen, buf);
+- ret = gsasl_step(sd, buf, buflen, &out, (size_t *) &outlen);
+- if(ret != GSASL_OK && ret != GSASL_NEEDS_MORE) {
+- _sx_debug(ZONE, "gsasl_step failed, no sasl for this conn; (%d): %s", ret, gsasl_strerror(ret));
+- _sx_nad_write(s, _sx_sasl_failure(s, _sasl_err_MALFORMED_REQUEST), 0);
+- if(out != NULL) free(out);
++ if(!sd) {
++ _sx_debug(ZONE, "response send before auth request enabling mechanism (decoded: %.*s)", buflen, buf);
++ _sx_nad_write(s, _sx_sasl_failure(s, _sasl_err_MECH_TOO_WEAK), 0);
+ if(buf != NULL) free(buf);
+ return;
+ }
+-
++ _sx_debug(ZONE, "response from client (decoded: %.*s)", buflen, buf);
++ ret = gsasl_step(sd, buf, buflen, &out, (size_t *) &outlen);
+ }
+
+ if(buf != NULL) free(buf);
+Index: sx/sasl_scod.c
+===================================================================
+--- sx/sasl_scod.c (revision 349)
++++ sx/sasl_scod.c (working copy)
+@@ -258,10 +258,15 @@
+ }
+
+ else {
+- _sx_debug(ZONE, "response from client");
+-
+ /* decode and process */
+ _sx_sasl_decode(in, inlen, &buf, &buflen);
++ if(!sd) {
++ _sx_debug(ZONE, "response send before auth request enabling mechanism (decoded: %.*s)", buflen, buf);
++ _sx_nad_write(s, _sx_sasl_failure(s, _sasl_err_MECH_TOO_WEAK), 0);
++ if(buf != NULL) free(buf);
++ return;
++ }
++ _sx_debug(ZONE, "response from client (decoded: %.*s)", buflen, buf);
+ ret = scod_server_step(sd, buf, buflen, &out, &outlen);
+ }
+