[Exim] SPA-Authenticator - assertion failed

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MM 
Tom Kistner at ->
Delete this message
Reply to this message
Author: Stefan Kaltenbrunner
Date:  
To: Exim Users Mailing List
Subject: [Exim] SPA-Authenticator - assertion failed
Hi,

while playing around with the SPA-Authenticator, I found that feeding it
with arbitrary(aka nonsense) strings will result in the following
assertation(exim4.20+exiscan-acl on FreeBSD 4.8, nonport version):

35054 SMTP>> 334 NTLM supported
35054 SMTP>> 334
TlRMTVNTUAACAAAAAAAAAAAoAAABggAA3gBSclxrx9nsIiwoUJAOCEDqv78BZyso
assertion "len + 1 < sizeof buf" failed: file "auth-spa.c", line 1275
34925 child 35054 ended: status=0x6


which can easly reproduced with something like:

$ telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mastermind.madness.at ESMTP Testbed Wed, 06 Aug 2003 00:00:19 +0200
ehlo test
250-mastermind.madness.at Hello localhost [::1]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN CRAM-MD5 NTLM
250-STARTTLS
250 HELP
AUTH NTLM
334 NTLM supported
teststring
334 TlRMTVNTUAACAAAAAAAAAAAoAAABggAA3gBSclxrx9nsIiwoUJAOCEDqv78BZyso
teststring
Connection closed by foreign host.



I'm actually quite sure that I reported this one a _long_ time ago to
the original author of this particular code (Tom Kistner - IRC) but
somehow it got forgotten :-(


Stefan



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[Exim] Exim SPA Authentication[Exim] URL correction for SPA post->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)