diff src/auth/mech-gssapi.c @ 9324:5d53b1d66d1b HEAD

auth: Check for potentially dangerous NULs in usernames.
author Timo Sirainen <tss@iki.fi>
date Fri, 14 Aug 2009 02:54:41 -0400
parents 0ec0b1f1ac6a
children a37fa30b0072
--- a/src/auth/mech-gssapi.c	Fri Aug 14 02:54:02 2009 -0400
+++ b/src/auth/mech-gssapi.c	Fri Aug 14 02:54:41 2009 -0400
@@ -213,6 +213,18 @@
 	return name;
 }
 
+static bool data_has_nuls(const void *data, unsigned int len)
+{
+	const unsigned char *c = data;
+	unsigned int i;
+
+	for (i = 0; i < len; i++) {
+		if (c[i] == '\0')
+			return TRUE;
+	}
+	return FALSE;
+}
+
 static int get_display_name(struct auth_request *auth_request, gss_name_t name,
 			    gss_OID *name_type_r, const char **display_name_r)
 {
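Review bot: `data_has_nuls()` declares `unsigned int len`, but the first call site passes `buf.length`, which is `size_t` in `gss_buffer_desc`. On an LP64 build a length above `UINT_MAX` would be truncated and the tail of the buffer left unscanned. Declaring the parameter as `size_t len` and replacing the loop with `return memchr(data, '\0', len) != NULL;` removes the narrowing and is shorter. The helper also deserves a one-line comment saying why NULs matter, e.g. `/* names are copied with *_strndup(), which stops at the first NUL, so an embedded NUL would make the stored username differ from the name GSSAPI verified */`.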
@@ -226,6 +238,11 @@
 				      GSS_C_GSS_CODE, "gss_display_name");
 		return -1;
 	}
+	if (data_has_nuls(buf.value, buf.length)) {
+		auth_request_log_info(auth_request, "gssapi",
+				      "authn_name has NULs");
+		return -1;
+	}
 	*display_name_r = t_strndup(buf.value, buf.length);
 	(void)gss_release_buffer(&minor_status, &buf);
 	return 0;
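Review bot: The new `return -1;` in the NUL check leaves `buf` unreleased. gss_display_name() has already succeeded by then, and the only `gss_release_buffer(&minor_status, &buf)` sits after the t_strndup() below, so each rejected name leaks the buffer. Adding `(void)gss_release_buffer(&minor_status, &buf);` before that `return -1;` fixes it. The rejection added in the third hunk (`authz_name has NULs`) also returns while `outbuf` is live; whether `outbuf` is released elsewhere is not visible here, so that path should be checked too. The body of get_display_name() begins in the previous hunk.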
@@ -497,6 +514,12 @@
 	name = (unsigned char *)outbuf.value + 4;
 	name_len = outbuf.length - 4;
 
+	if (data_has_nuls(name, name_len)) {
+		auth_request_log_info(auth_request, "gssapi",
+				      "authz_name has NULs");
+		return -1;
+	}
+
 	login_user = p_strndup(auth_request->pool, name, name_len);
 	request->authz_name = import_name(auth_request, name, name_len);
 	if (request->authz_name == GSS_C_NO_NAME) {