| author | Gordon Sim <gsim@apache.org> | 2010-05-28 07:51:49 +0000 |
|---|---|---|
| committer | Gordon Sim <gsim@apache.org> | 2010-05-28 07:51:49 +0000 |
| commit | ce7d0e4967027c0d73b7eb21ec7be27d8663e20d (patch) | |
| tree | 02f4801f997ff29ffad142eb1ff6f941b8ce9679 | |
| parent | 02d8c94d844fc05e329a501cc33296380963d19b (diff) | |
| download | qpid-python-ce7d0e4967027c0d73b7eb21ec7be27d8663e20d.tar.gz | |
Patch from Ted Ross to prevent sasl_decode overflow
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@949126 13f79535-47bb-0310-9956-ffa450edef68
| -rw-r--r-- | extras/sasl/src/cyrus/saslwrapper.cpp | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/extras/sasl/src/cyrus/saslwrapper.cpp b/extras/sasl/src/cyrus/saslwrapper.cpp
index 0243eaa168..f8b08acfa6 100644
--- a/extras/sasl/src/cyrus/saslwrapper.cpp
+++ b/extras/sasl/src/cyrus/saslwrapper.cpp
@@ -252,14 +252,25 @@ bool ClientImpl::encode(const string& clearText, output_string& cipherText)
 
 bool ClientImpl::decode(const string& cipherText, output_string& clearText)
 {
+ const char* input = cipherText.c_str();
+ unsigned int inLen = cipherText.size();
+ unsigned int remaining = inLen;
+ const char* cursor = input;
 const char* output;
 unsigned int outlen;
- int result = sasl_decode(conn, cipherText.c_str(), cipherText.size(), &output, &outlen);
- if (result != SASL_OK) {
- setError("sasl_decode", result);
- return false;
+
+ clearText = string();
+ while (remaining > 0) {
+ unsigned int segmentLen = (remaining < maxBufSize) ? remaining : maxBufSize;
+ int result = sasl_decode(conn, cursor, segmentLen, &output, &outlen);
+ if (result != SASL_OK) {
+ setError("sasl_decode", result);
+ return false;
+ }
+ clearText = clearText + string(output, outlen);
+ cursor += segmentLen;
+ remaining -= segmentLen;
 }
- clearText = string(output, outlen);
 return true;
 }
 
|
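Review bot: When `sasl_decode` fails on a later segment, `decode` returns false but `clearText` already holds the plaintext of the earlier segments, whereas the old code left it untouched on error; a caller that does not check the return value would then consume a partially decoded message. Accumulating into a local and assigning only on success avoids that, and it also removes the full copy made on every iteration by `clearText = clearText + string(output, outlen);`: declare `string decoded;` before the loop, use `decoded.append(output, outlen);` inside it, and assign `clearText = decoded;` just before `return true;`. `unsigned int inLen = cipherText.size();` narrows `size_t`, so on a 64-bit build a very large input would be decoded only in part without any error; the length should be range-checked or kept as `string::size_type`. `maxBufSize` is defined outside this hunk, so whether it matches the limit `sasl_decode` actually enforces cannot be confirmed from here and deserves a comment at the loop.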
