From c6d4bab1608c330c0ef9b0d4b0aea886412c9738 Mon Sep 17 00:00:00 2001
From: Timothy Pearson <kb9vqf@pearsoncomputing.net>
Date: Thu, 10 Sep 2015 00:12:31 -0500
Subject: [PATCH] Fix incorrect SASL property fetch calls This resolves the
 long-standing incorrect buffer size issues

---
 lib/libtdekrb/src/tdekrbclientsocket.cpp | 13 +++++++++----
 lib/libtdekrb/src/tdekrbserversocket.cpp | 13 +++++++++----
 2 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/lib/libtdekrb/src/tdekrbclientsocket.cpp b/lib/libtdekrb/src/tdekrbclientsocket.cpp
index 15ca9ea..4bf840b 100644
--- a/lib/libtdekrb/src/tdekrbclientsocket.cpp
+++ b/lib/libtdekrb/src/tdekrbclientsocket.cpp
@@ -810,6 +810,7 @@ void TDEKerberosClientSocket::continueKerberosInitialization() {
 	const char *data = 0;
 	const char *chosenmech = 0;
 	sasl_ssf_t *ssf = 0;
+	const void *sasl_prop_ptr;
 
 	if (m_krbInitRunning) {
 		switch (m_krbInitState) {
@@ -957,7 +958,8 @@ void TDEKerberosClientSocket::continueKerberosInitialization() {
 				break;
 			case 2:
 				if (state() == TQSocket::Connected) {
-					m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_USERNAME, (const void **)&data);
+					m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_USERNAME, &sasl_prop_ptr);
+					data = (const char *)sasl_prop_ptr;
 					if (m_krbInitResult != SASL_OK) {
 						printf("[WARNING] Unable to determine authenticated username!\n\r");
 					}
@@ -966,7 +968,8 @@ void TDEKerberosClientSocket::continueKerberosInitialization() {
 					}
 
 #if 0
-					m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_DEFUSERREALM, (const void **)&data);
+					m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_DEFUSERREALM, &sasl_prop_ptr);
+					data = (const char *)sasl_prop_ptr;
 					if (m_krbInitResult != SASL_OK) {
 						printf("[WARNING] Unable to determine authenticated realm!\n\r");
 					}
@@ -975,7 +978,8 @@ void TDEKerberosClientSocket::continueKerberosInitialization() {
 					}
 #endif
 				
-					m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_SSF, (const void **)&ssf);
+					m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_SSF, &sasl_prop_ptr);
+					ssf = (sasl_ssf_t *)sasl_prop_ptr;
 					if (m_krbInitResult != SASL_OK) {
 						printf("[WARNING] Unable to determine SSF!\n\r");
 					}
@@ -983,7 +987,8 @@ void TDEKerberosClientSocket::continueKerberosInitialization() {
 						printf("[DEBUG] Authenticated SSF: %d\n", *ssf);
 					}
 
-					m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_MAXOUTBUF, (const void **)&m_negotiatedMaxBufferSize);
+					m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_MAXOUTBUF, &sasl_prop_ptr);
+					m_negotiatedMaxBufferSize = *((unsigned*)sasl_prop_ptr);
 					if (m_krbInitResult != SASL_OK) {
 						printf("[WARNING] Unable to determine maximum buffer size!\n\r");
 						m_negotiatedMaxBufferSize = NET_SEC_BUF_SIZE;
diff --git a/lib/libtdekrb/src/tdekrbserversocket.cpp b/lib/libtdekrb/src/tdekrbserversocket.cpp
index a924236..2c21517 100644
--- a/lib/libtdekrb/src/tdekrbserversocket.cpp
+++ b/lib/libtdekrb/src/tdekrbserversocket.cpp
@@ -804,6 +804,7 @@ void TDEKerberosServerSocket::continueKerberosInitialization() {
 	int slen;
 	char buf[NET_SEC_BUF_SIZE];
 	sasl_ssf_t *ssf;
+	const void *sasl_prop_ptr;
 
 	if (m_krbInitRunning) {
 		switch (m_krbInitState) {
@@ -916,7 +917,8 @@ void TDEKerberosServerSocket::continueKerberosInitialization() {
 						sendSASLDataToNetwork(m_krbInitData, m_krbInitLastLen);
 					}
 
-					m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_USERNAME, (const void **)&m_krbInitData);
+					m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_USERNAME, &sasl_prop_ptr);
+					m_krbInitData = (const char *)sasl_prop_ptr;
 					if (m_krbInitResult != SASL_OK) {
 						printf("[WARNING] Unable to determine authenticated username!\n\r");
 					}
@@ -926,7 +928,8 @@ void TDEKerberosServerSocket::continueKerberosInitialization() {
 					}
 
 #if 0
-					m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_DEFUSERREALM, (const void **)&m_krbInitData);
+					m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_DEFUSERREALM, (const void **)&sasl_prop_ptr);
+					m_krbInitData = (const char *)sasl_prop_ptr;
 					if (m_krbInitResult != SASL_OK) {
 						printf("[WARNING] Unable to determine authenticated realm!\n\r");
 					}
@@ -938,7 +941,8 @@ void TDEKerberosServerSocket::continueKerberosInitialization() {
 					m_authenticatedRealmName = "(NULL)";
 #endif
 
-					m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_SSF, (const void **)&ssf);
+					m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_SSF, &sasl_prop_ptr);
+					ssf = (sasl_ssf_t *)sasl_prop_ptr;
 					if (m_krbInitResult != SASL_OK) {
 						printf("[WARNING] Unable to determine SSF!\n\r");
 					}
@@ -946,7 +950,8 @@ void TDEKerberosServerSocket::continueKerberosInitialization() {
 						printf("[DEBUG] Authenticated SSF: %d\n", *ssf);
 					}
 
-					m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_MAXOUTBUF, (const void **)&m_negotiatedMaxBufferSize);
+					m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_MAXOUTBUF, &sasl_prop_ptr);
+					m_negotiatedMaxBufferSize = *((unsigned*)sasl_prop_ptr);
 					if (m_krbInitResult != SASL_OK) {
 						printf("[WARNING] Unable to determine maximum buffer size!\n\r");
 						m_negotiatedMaxBufferSize = NET_SEC_BUF_SIZE;