Taint: track SASL auth intermediate inputs

[exim.git] / src / src / auths / heimdal_gssapi.c

diff --git a/src/src/auths/heimdal_gssapi.c b/src/src/auths/heimdal_gssapi.c
index 1336d0fab569451ddd21208ddbabd4b605e0ba47..59884ef58e2c32d0f3c2f1567c5dff23f436efe1 100644 (file)
--- a/src/src/auths/heimdal_gssapi.c
+++ b/src/src/auths/heimdal_gssapi.c
@@ -334,7 +334,7 @@ while (step < 4)
       break;
 
     case 1:
-      gbufdesc_in.length = b64decode(from_client, USS &gbufdesc_in.value);
+      gbufdesc_in.length = b64decode(from_client, USS &gbufdesc_in.value, GET_TAINTED);
       if (gclient)
         {
        maj_stat = gss_release_name(&min_stat, &gclient);
@@ -419,7 +419,7 @@ while (step < 4)
       break;
 
     case 3:
-      gbufdesc_in.length = b64decode(from_client, USS &gbufdesc_in.value);
+      gbufdesc_in.length = b64decode(from_client, USS &gbufdesc_in.value, GET_TAINTED);
       maj_stat = gss_unwrap(&min_stat,
          gcontext,
          &gbufdesc_in,       /* data from client */
@@ -565,9 +565,8 @@ do {
   if (!auth_defer_msg)
     auth_defer_msg = string_copy(US status_string.value);
 
-  HDEBUG(D_auth) debug_printf("heimdal %s: %.*s\n",
-      string_from_gstring(g), (int)status_string.length,
-      CS status_string.value);
+  HDEBUG(D_auth) debug_printf("heimdal %Y: %.*s\n",
+      g, (int)status_string.length, CS status_string.value);
   gss_release_buffer(&min_stat, &status_string);
 
   } while (msgcontext != 0);