[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL 2.0.25 libdigestmd5 memory leak [OpenLDAP (ITS#8566)]

Greetings, SASL developers.  I recognize the version of SASL2 I'm using 
is long in tooth, but looking at the code, I believe a memory leak I've 
encountered is still present in 2.1.26 (latest source I've seen).

The problem from an OpenLDAP client viewpoint is described in detail at:


digestmd5.c sasl_client_start()/sasl_client_step(), when called for a 
new SASL DIGEST-MD5 authentication each time after the first such case, 
appear to abandon and re-allocate from scratch (without freeing) a 
[con]text->out_buf allocated and expanded during the previous 
authentication cycle by _plug_buf_alloc() on behalf of add_to_challenge().

In my case, each DIGEST-MD5 authentication after the first leaks 500-600 
bytes, regardless of whether sasl_dispose() is called between successive 

I suspect, but have not proven, that this is because 
"text->out_buf=NULL" appears twice in digestmd5.c, in both 
make_client_response() and digestmd5_server_mech_step1().  If both 
instances were executed for one authentication cycle, it could produce 
the memory leak in question.

The latter instance (in digestmd5_server_mech_step1()) might need to 
free any block addressed by the pointer before nullifying it.  Sorry I 
can't provide a patch or stronger evidence, but the logic here is a bit 
complex for a casual onlooker to tackle.

Thanks for your efforts,
Bill Clay