[JDEV] Problems with SASL DIGEST-MD5 mechanism.

Robert Norris rob at cataclysm.cx
Mon Dec 15 17:27:17 CST 2003 

On Mon, Dec 15, 2003 at 05:38:35PM +0300, Alexey Nezhdanov wrote:
> I found the bug. I can not say for sure if client or server is buggy but this 
> is the cause:

> python method base64.encodestring(smth) produces base64 code that 
> *separated*by*newlines*. It is seen on my debug output:

> DEBUG: socket       sent  <response 
> xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>Y2hhcnNldD11dGYtOCx1c2VybmFtZT0idGVzdCIscmVhbG09Indvb2R5OC5wZW56YS1nc20ucnUi
> \nLG5vbmNlPSJjYTIxZTFkNzkxYTQzOGQ1N2VhYzc0MDNhMGFlOGEyMzBkODFkNDUzIixuYz0wMDAw
> \nMDAwMSxjbm9uY2U9Ik9BNk1IWGg2VnFUclJrIixkaWdlc3QtdXJpPSJ4bXBwLyIscmVzcG9uc2U9
> \nMmNjOTc1ZTc4OGExNTAwZjQwODVlNTY5NjYxYjY1MGEscW9wPWF1dGg=\n</response>
> ^^

> And the C implementation of base64 that jabberd2 uses sees this as incorrect 
> padding and cutting my response, so the c2s returns "error 34: malformed 
> data".

RFC 3548 has this:

2.1.  Line feeds in encoded data

   MIME [3] is often used as a reference for base 64 encoding.  However,
   MIME does not define "base 64" per se, but rather a "base 64
   Content-Transfer-Encoding" for use within MIME.  As such, MIME
   enforces a limit on line length of base 64 encoded data to 76
   characters.  MIME inherits the encoding from PEM [2] stating it is
   "virtually identical", however PEM uses a line length of 64
   characters.  The MIME and PEM limits are both due to limits within
   SMTP.

   Implementations MUST NOT not add line feeds to base encoded data
   unless the specification referring to this document explicitly
   directs base encoders to add line feeds after a specific number of
   characters.

XMPP Core makes no reference to adding linefeeds (that I can find);
thus, the client is at fault.

Rob.

-- 
Robert Norris                                       GPG: 1024D/FC18E6C2
Email+Jabber: rob at cataclysm.cx                Web: http://cataclysm.cx/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://www.jabber.org/jdev/attachments/20031216/9c9a766a/attachment-0002.pgp>

More information about the JDev mailing list