
RE: ldap_sasl_interactive_bind_s leaks? (ITS#2423)



> >> > >On Mon, 14 Apr 2003, Howard Chu wrote:
> >> > >
> >> > >> > > I think sasl_done() needs to be called during ldap_unbind() and
> >> > >> > > ldap_int_sasl_init() needs to be called every time ldap_init(ialize)()
> >> > >> > > runs rather than just once.  Please see attached patch.  My patch also
> >> > >> > > fixes threadsafe issue in ldap_int_sasl_init().
> >> > >> >
> >> > >> > This solution isn't any better. My interpretation of the SASL docs is that
> >> > >> > sasl_done() only needs to be called once, at the end of the particular
> >> > >
> >> > >This is an incorrect interpretation according to the Cyrus team;
> >> > >sasl_done() is meant to be used multiple times within an application.
> >> > >
> >> > >However, cyrus bug 1963 is preventing sasl_done() from being used
> >> > >properly.  The bug is currently being worked on.
> >> > >

The Cyrus team has posted a fix for bug 1963 in CVS.

> >> > >> This is probably true until cyrus-sasl bug 1963 is developed.
> >> > >> sasl_done() clears digest-md5 reauth buffer.  This is what causes the
> >> > >> leak, the buffer is never cleared.
> >> > >
> >> > >> > Patch like the one I proposed still needs to be applied to openldap.
> >> > >>
> >> > >> No. Your patch masks one problem with another. The DIGEST-MD5 code needs to
> >> > >> be fixed.
> >> > >>
> >> > >
> >> > >I wrote the patch with the above in mind.
> >> > >
> >> > >Please let me know what an acceptable patch needs to do.
> >> > >
> >> > >--
> >> > >Igor
> >> >
> >> >
> >>
> >>
> >
> >--
> >Igor
>
>

-- 
Igor