
Re: ldap_sasl_interactive_bind_s leaks? (ITS#2423)



On Sat, 5 Apr 2003, Kurt Zeilenga wrote:

> Additional information is needed to access your report.
>
> What version of Cyrus SASL was used here?

The latest CVS version.  It is pretty much 2.1.12.

> Which SASL mechanism was used here?

DIGEST-MD5.  Please see my sample program.

> Is the problem evident in client tools distributed with OpenLDAP?
> If so, which?  Details? (command line)

I suspect there is a leak in all client tools that perform sasl bind (at
least with DIGEST-MD5 and probably others such as CRAM and PLAIN, I am not
sure about EXTERNAL).  Please see attached code in ITS which is a
condensed version of what openldap client tools do.

The following code in $openldap_src/libraries/liblutil/sasl.c is the
suspect:

        if( interact->len > 0 ) {
                /* duplicate */
                char *p = (char *)interact->result;
                interact->result = strdup( p );

                /* zap */
                memset( p, '\0', interact->len );

        } else {
use_default:
                /* input must be empty */
                interact->result = strdup( (dflt && *dflt) ? dflt : "" );
                interact->len = interact->result
                        ? strlen( interact->result ) : 0;
        }

strdup()s are not cleared anywhere, at least that I can find.

There is an attempt to free some of this memory in lutil_sasl_interact,
but I do not believe this works.  ldap_sasl_interactive_bind_s() also
clears one prompt buffer, but it does not catch all.

Please let me know if you need more info.  It is hard for me to measure
or identify leaks in the client tool utilities because those tools are
short-lived and leaks are cleared after the program exits.  I am trying
to add sasl binds to authentication modules and repeated calls to
ldap_sasl_interactive_bind_s appear to leak.

Hope this helps.

-- 
Igor
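
The ownership problem described in this message, modelled as an added example that is not part of the original post or of OpenLDAP's code: a callback leaves a heap copy in each prompt, and a long-running caller must wipe and free those copies after every bind. `struct prompt`, `fill_prompt`, `release_prompts` and `outstanding_after` are hypothetical names, the inputs are constructed, and no SASL library is called.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-in for a SASL interaction prompt; id 0 ends the array. */
struct prompt { unsigned long id; const void *result; unsigned len; };
static int live_copies;   /* heap duplicates not yet freed */
static void wipe(void *p, size_t n) { volatile unsigned char *v = p; while (n--) *v++ = 0; }

/* Same shape as the quoted fragment: duplicate the answer or the default, zap the input. */
static int fill_prompt(struct prompt *p, char *input, const char *dflt)
{
    const char *src = (input && *input) ? input : ((dflt && *dflt) ? dflt : "");
    size_t n = strlen(src);
    char *copy = malloc(n + 1);
    if (copy == NULL) return -1;
    memcpy(copy, src, n + 1);
    if (input) wipe(input, strlen(input));
    p->result = copy; p->len = (unsigned)n;   /* prompt holds the only pointer to the copy */
    live_copies++;
    return 0;
}

/* Caller-side cleanup once the bind has consumed the answers; safe to call twice. */
static void release_prompts(struct prompt *p)
{
    for (; p->id != 0; p++) {
        if (p->result == NULL) continue;
        wipe((void *)p->result, p->len);   /* answers may be passwords */
        free((void *)p->result);
        p->result = NULL;
        live_copies--;
    }
}

/* Simulates `rounds` binds in one process; returns the copies still allocated. */
int outstanding_after(int rounds, int cleanup_each_bind)
{
    struct prompt (*sets)[3] = calloc((size_t)rounds, sizeof *sets);
    if (sets == NULL) return -1;
    for (int i = 0; i < rounds; i++) {
        char pw[] = "constructed-secret";       /* constructed sample input */
        sets[i][0].id = 1; sets[i][1].id = 2;   /* sets[i][2].id == 0 ends the array */
        if (fill_prompt(&sets[i][0], NULL, "igor") || fill_prompt(&sets[i][1], pw, NULL)) break;
        if (cleanup_each_bind) release_prompts(sets[i]);
    }
    int seen = live_copies;
    for (int i = 0; i < rounds; i++) release_prompts(sets[i]);   /* demo teardown */
    free(sets);
    return seen;
}
```

Without per-bind cleanup the outstanding count grows by two for every simulated bind, which a short-lived command-line tool never notices but a long-running authentication module accumulates.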