Ticket #155: 155-valid-jid-withouth-realm.patch

c2s/c2s.c

@@ -244 +244 @@
 
                     snprintf(resource_buf, 1024, "%.*s", NAD_CDATA_L(nad, elem), NAD_CDATA(nad, elem));
                     /* Put resource into JID */
-                    if (jid_reset_components(jid, jid->node, jid->domain, resource_buf) == NULL) {
+                    if (jid == NULL || jid_reset_components(jid, jid->node, jid->domain, resource_buf) == NULL) {
                         log_debug(ZONE, "invalid jid data");
                         sx_nad_write(sess->s, stanza_error(nad, 0, stanza_err_BAD_REQUEST));
                         

sx/sasl_gsasl.c

@@ -152 +152 @@
 
 /** move the stream to the auth state */
 void _sx_sasl_open(sx_t s, Gsasl_session *sd) {
-    char *method, *authzid = NULL;
+    char *method, *authzid, *realm = NULL;
     struct sx_sasl_creds_st creds = {NULL, NULL, NULL, NULL};
     _sx_sasl_t ctx = gsasl_session_hook_get(sd);
     
@@ -173 +173 @@
         }
     } else {
         /* override unchecked arbitrary authzid */
-        if(creds.realm) {
-            authzid = (char *) malloc(sizeof(char) * (strlen(creds.authnid) + strlen(creds.realm) + 2));
-            sprintf(authzid, "%s@%s", creds.authnid, creds.realm);
-            creds.authzid = authzid;
+        if(creds.realm && creds.realm[0] != '\0') {
+            realm = creds.realm;
         } else {
-            creds.authzid = creds.authnid;
+            realm = s->req_to;
         }
+        authzid = (char *) malloc(sizeof(char) * (strlen(creds.authnid) + strlen(realm) + 2));
+        sprintf(authzid, "%s@%s", creds.authnid, realm);
+        creds.authzid = authzid;
     }
 
     /* proceed stream to authenticated state */