--- ./subversion/svnserve/cyrus_auth.c.orig	2014-01-26 22:04:31.000000000 -0600
+++ ./subversion/svnserve/cyrus_auth.c	2016-04-30 15:00:31.936038054 -0500
@@ -73,6 +73,8 @@
     {
       /* The only valid realm is user_realm (i.e. the repository's realm).
          If the user gave us another realm, complain. */
+      if (realm_len != inlen-(pos-in+1))
+        return SASL_BADPROT;
       if (strncmp(pos+1, user_realm, inlen-(pos-in+1)) != 0)
         return SASL_BADPROT;
     }