[Date Prev][Date Next]
Re: SASL leak in slapd (ITS#1952)
Not sure which version of SASL exactly, the library version is 22.214.171.124.
Jason? (This is regarding Radar 2997100.)
Probably a Cyrus problem, though.
>From: Howard Chu <openldap-its@OpenLDAP.org>
>Subject: Re: SASL leak in slapd (ITS#1952)
>Date: Mon, 5 Aug 2002 17:49:18 GMT
>Which version of Cyrus SASL? Which SASL mechanism?
>In Cyrus 1.5.28 the DIGEST-MD5 mechanism leaks 3 blocks per bind for a total of
>532 bytes per bind due to the RC4 encryption context. (2 264 byte blocks for the
>RC4 enc/dec context, not sure where the 4 byte digest_strdup leaked from.) There
>are probably many more, but these should be reported to the Cyrus bug lists.
Luke Howard | lukehoward.com
PADL Software | www.padl.com