
RE: crasher in SASL authorization code (ITS#2234)



This particular section of code seems to be obsolete as of Cyrus 2.1.10. It
was trying to catch the case where a SASL mech passed the same string for the
authcID and the authzID in two separate canonicalize calls, instead of doing
a single call with (SASL_CU_AUTHID|SASL_CU_AUTHZID) set. With my last patch
to kerberos4.c though, none of the SASL mechs do this any more.

This section of code assumed the two-pass mech always did the authcID first,
but the EXTERNAL mech always does the authzID first, which is the real
problem. The fix is to detect that the authzID has already been done, and
leave c_sasl_dn NULL in that case. I'll commit a fix in a minute.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-bugs@OpenLDAP.org
> [mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of lukeh@PADL.COM
> Sent: Wednesday, December 11, 2002 10:54 PM
> To: openldap-its@OpenLDAP.org
> Subject: Re: crasher in SASL authorization code (ITS#2234)
>
>
>
> I can stop slapd crashing by making a copy of "in" in
> slap_sasl_canonicalize():
>
> Index: sasl.c
> ===================================================================
> RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/sasl.c,v
> retrieving revision 1.134
> diff -u -r1.134 sasl.c
> --- sasl.c      4 Dec 2002 03:13:20 -0000       1.134
> +++ sasl.c      12 Dec 2002 06:52:44 -0000
> @@ -658,9 +658,16 @@
>          * conflict with slap_sasl_authorize's use of this temp var.
>          */
>         if ( flags == SASL_CU_AUTHID ) {
> +               conn->c_sasl_dn.bv_val = ch_strdup((char *)in);
> -               conn->c_sasl_dn.bv_val = (char *) in;
>         } else if ( flags == SASL_CU_AUTHZID &&
> conn->c_sasl_dn.bv_val ) {
>                 rc = strcmp( in, conn->c_sasl_dn.bv_val );
> +               ch_free(conn->c_sasl_dn.bv_val);
>                 conn->c_sasl_dn.bv_val = NULL;
>                 /* They were equal, no work needed */
>                 if ( !rc ) goto done;
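Review bot: the ch_strdup'd copy assigned under `flags == SASL_CU_AUTHID` is only released on the `flags == SASL_CU_AUTHZID && conn->c_sasl_dn.bv_val` path, so if that second call never arrives, or a further SASL_CU_AUTHID call overwrites `bv_val` first, the buffer leaks; consider freeing any existing `conn->c_sasl_dn.bv_val` before the `ch_strdup` and releasing it on connection teardown, since the field now owns heap memory rather than borrowing the mech's `in` pointer. The hunk header advertises a 16-line new side but the quoted hunk ends after `if ( !rc ) goto done;`, so the remaining context (and whatever follows the `goto done` path) should be included for review.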
>
> Not sure whether this is leaky or the right fix, but it at
> least stops slapd crashing...
>
> -- Luke
> --
> Luke Howard | PADL Software Pty Ltd | www.padl.com