This fixes a potential off-by-one overflow while verifying
	passwords against saslauthd, using unix sockets. 

	Notes
	=====

	Totally untested.

	Flames To
	=========

	Alejandro Gramajo <agramjo at sinectis dot com dot ar>
	Leandro Santi <lesanti at sinectis dot com dot ar>

diff -U10 -ur cyrus-sasl-2.1.15.orig/lib/checkpw.c cyrus-sasl-2.1.15.patched/lib/checkpw.c
--- cyrus-sasl-2.1.15.orig/lib/checkpw.c	Wed Mar 19 15:25:27 2003
+++ cyrus-sasl-2.1.15.patched/lib/checkpw.c	Mon Dec 15 17:28:36 2003
@@ -587,21 +587,21 @@
 	    return SASL_FAIL;
 	}
 	
 	count = ntohs(count);
 	if (count < 2) { /* MUST have at least "OK" or "NO" */
 	    close(s);
 	    sasl_seterror(conn, 0, "bad response from saslauthd");
 	    return SASL_FAIL;
 	}
 	
-	count = (int)sizeof(response) < count ? sizeof(response) : count;
+	count = (int)sizeof(response) <= count ? sizeof(response) - 1 : count;
 	if (retry_read(s, response, count) < count) {
 	    close(s);
 	    sasl_seterror(conn, 0, "read failed");
 	    return SASL_FAIL;
 	}
 	response[count] = '\0';
     }
 
     close(s);
 #endif /* USE_DOORS */