RE: ldap_sasl_interactive_bind_s leaks? (ITS#2423)

[igor@ipass.net]

Kurt,

I posted another patch: ftp://ftp.openldap.org/incoming/2423-2.patch

openldap needs to run sasl_client_init() for every ldap_init*() now.

-Igor

>On Tue, 15 Apr 2003, Igor Brezac wrote:
>
>>
>> On Tue, 15 Apr 2003, Kurt D. Zeilenga wrote:
>>
>> > Please upload this patch again.  I mistakenly deleted it.
>> >
>>
>> Patch uploaded: ftp://ftp.openldap.org/incoming/2423.patch
>>
>> -Igor
>>
>> > Kurt
>> >
>> >
>> > At 03:33 PM 4/15/2003, you wrote:
>> >
>> > >On Mon, 14 Apr 2003, Howard Chu wrote:
>> > >
>> > >> > > I think sasl_done() needs to be called during ldap_unbind() and
>> > >> > > ldap_int_sasl_init() needs to be called every time
>> > >> ldap_init(ialize)()
>> > >> > > runs rather than just once.  Please see attached patch.
>> > >> My patch also
>> > >> > > fixes threadsafe issue in ldap_int_sasl_init().
>> > >> >
>> > >> > This solution isn't any better. My interpretation of the
>> > >> SASL docs is that
>> > >> > sasl_done() only needs to be called once, at the end of the
>> > >> particular
>> > >
>> > >This is an incorrect interpretation according to the Cyrus team;
>> > >sasl_done() is meant to be used multiple times within an application.
>> > >
>> > >However, cyrus bug 1963 is preventing sasl_done() from being used
>> > >properly.  The bug is currently being worked on.
>> > >
>> > >> This is probably true until cyrus-sasl bug 1963 is developed.
>> > >> sasl_done() clears digest-md5 reauth buffer.  This is what causes the
>> > >> leak, the buffer is never cleared.
>> > >
>> > >> > Patch like the one I proposed still needs to be applied to openldap.
>> > >>
>> > >> No. Your patch masks one problem with another. The DIGEST-MD5 code needs to
>> > >> be fixed.
>> > >>
>> > >
>> > >I wrote the patch with the above in mind.
>> > >
>> > >Please let me know what an acceptable patch needs to do.
>> > >
>> > >--
>> > >Igor
>> >
>> >
>>
>>
>
>--
>Igor