RE: ldap_sasl_interactive_bind_s leaks? (ITS#2423)
On Mon, 14 Apr 2003, Howard Chu wrote:
> > > I think sasl_done() needs to be called during ldap_unbind() and
> > > ldap_int_sasl_init() needs to be called every time
> > > runs rather than just once. Please see attached patch. My patch also
> > > fixes threadsafe issue in ldap_int_sasl_init().
> > This solution isn't any better. My interpretation of the SASL docs is that
> > sasl_done() only needs to be called once, at the end of the
This is an incorrect interpretation according to the Cyrus team;
sasl_done() is meant to be used multiple times within an application.
However, cyrus bug 1963 is preventing sasl_done() from being used
properly. The bug is currently being worked on.
> This is probably true until cyrus-sasl bug 1963 is developed.
> sasl_done() clears digest-md5 reauth buffer. This is what causes the
> leak, the buffer is never cleared.
> > Patch like the one I proposed still needs to be applied to openldap.
> No. Your patch masks one problem with another. The DIGEST-MD5 code needs to
> be fixed.
I wrote the patch with the above in mind.
Please let me know what an acceptable patch needs to do.