cyrusimap / cyrus-sasl


Fix heap corruption #819

Closed GuidoKiener closed 4 months ago

GuidoKiener commented 11 months ago

Calculation of resultlen is wrong. E.g. if server allows only one mechanism SCRAM-SHA-256, the expected string for the mechlist_buf is "SCRAM-SHA-256-PLUS SCRAM-SHA-256" with a required size of 33 bytes and not 32 bytes. Note that `(strlen(mysep) * (s_conn->mech_length - 1) * 2)` = 0 when `s_conn->mech_length` = 1.
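The arithmetic in the comment above, as an added example that is not part of the original thread and not the cyrus-sasl source. It generalises the single-mechanism case to n mechanisms and assumes every mechanism is listed with a `-PLUS` variant; the function names and every term other than the quoted separator term are assumptions reconstructed from the comment's numbers.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PLUS "-PLUS"

/* Sum of the mechanism name lengths. */
static size_t names_len(const char *const *m, size_t n) {
    size_t t = 0;
    for (size_t i = 0; i < n; i++) t += strlen(m[i]);
    return t;
}

/* Size using the separator term quoted in the comment (n >= 1). */
size_t size_as_reported(const char *const *m, size_t n, const char *sep) {
    return strlen(sep) * (n - 1) * 2 + names_len(m, n) * 2
         + n * (sizeof(PLUS) - 1) + 1;
}

/* 2n names are emitted, so 2n - 1 separators sit between them (n >= 1). */
size_t size_required(const char *const *m, size_t n, const char *sep) {
    return strlen(sep) * (2 * n - 1) + names_len(m, n) * 2
         + n * (sizeof(PLUS) - 1) + 1;
}

/* Build "A-PLUS A B-PLUS B ..." with every write bounds-checked.
 * Returns a malloc'd string, or NULL on failure. */
char *build_mechlist(const char *const *m, size_t n, const char *sep) {
    if (n == 0) return NULL;
    size_t cap = size_required(m, n, sep), used = 0;
    char *buf = malloc(cap);
    if (!buf) return NULL;
    for (size_t i = 0; i < n; i++) {
        int w = snprintf(buf + used, cap - used, "%s%s" PLUS "%s%s",
                         i ? sep : "", m[i], sep, m[i]);
        if (w < 0 || (size_t)w >= cap - used) { free(buf); return NULL; }
        used += (size_t)w;
    }
    return buf;
}

int main(void) {
    const char *one[] = { "SCRAM-SHA-256" };   /* constructed sample input */
    char *s = build_mechlist(one, 1, " ");
    if (!s) return 1;
    printf("\"%s\" needs %zu bytes, quoted term yields %zu\n",
           s, strlen(s) + 1, size_as_reported(one, 1, " "));
    free(s);
    return 0;
}
```

Under these assumptions the shortfall is one separator length for any number of mechanisms, since 2n - 1 separators are written but only 2(n - 1) are counted.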

Neustradamus commented 11 months ago

@GuidoKiener: Good!

cc: @aamelnikov.