INN commit: trunk/nnrpd (sasl.c)
INN Commit
Russ_Allbery at isc.org
Wed Dec 31 19:05:45 UTC 2008
Date: Wednesday, December 31, 2008 @ 11:05:45
Author: iulius
Revision: 8270
Only AUTHINFO SASL PLAIN and AUTHINFO SASL EXTERNAL are vulnerable.
Other SASL mechanisms can be used without an active TLS layer.
Modified:
trunk/nnrpd/sasl.c
--------+
sasl.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
Modified: sasl.c
===================================================================
--- sasl.c 2008-12-31 18:58:09 UTC (rev 8269)
+++ sasl.c 2008-12-31 19:05:45 UTC (rev 8270)
@@ -150,9 +150,11 @@
}
#ifdef HAVE_SSL
- /* Check whether STARTTLS must be used before trying to authenticate. */
+ /* Check whether STARTTLS must be used before trying to authenticate
+ * with AUTHINFO SASL PLAIN or AUTHINFO SASL EXTERNAL. */
if (PERMcanauthenticate && !PERMcanauthenticatewithoutSSL
- && !nnrpd_starttls_done) {
+ && !nnrpd_starttls_done && ((strcasecmp(mech, "PLAIN") == 0
+ || strcasecmp(mech, "EXTERNAL") == 0))) {
Reply("%d Encryption required\r\n", NNTP_FAIL_PRIVACY_NEEDED);
return;
}
More information about the inn-committers
mailing list