[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bug: RFC2831 noncompliance - "charset=utf-8" in challenge REQUIRES "
From: |
Simon Josefsson |
Subject: |
Re: Bug: RFC2831 noncompliance - "charset=utf-8" in challenge REQUIRES "charset=utf-8" in response |
Date: |
Tue, 25 Mar 2008 23:39:28 +0100 |
User-agent: |
Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux) |
Thanks for forwarding this. I've identified the cause:
int
digest_md5_validate (digest_md5_challenge * c, digest_md5_response * r)
{
...
if (c->utf8 != r->utf8)
return -1;
Thus, if the server and client have different charset=utf8 values, the
authentication is refused.
The code needs to permit where the client did not send charset=utf8,
however in this case it needs to upgrade the string from ISO-8859-1 to
UTF-8 because GNU SASL is a strict UTF-8 library.
I'll see if I can produce a patch shortly.
/Simon
marty <address@hidden> writes:
> This bug was encountered using
>
>
> jabberd2 2.1.23 w/ GSASL 0.2.25
>
>
> Pidgin 2.4.0 (Cyrus-based SASL)
>
>
> In summary, the issue is that jabberd2 (as a consequence of gsasl)
> indicates support for "charset=utf-8" in the challenge, and then
> consequently _requires_ that the response contain a "charset=utf-8"
> directive. This expectation is contrary to the RFC, which only states
> that the "charset=utf-8" directive in the challenge indicates server
> support for _optional_ utf-8 encoding of the response.
>
> For details, please refer to the following:
>
> (bug against jabberd2) http://jabberd2.xiaoka.com/ticket/200
>
> (original bug against Pidgin) http://developer.pidgin.im/ticket/5213