[Date Prev][Date Next]
SASL 2.0.25 libdigestmd5 memory leak [OpenLDAP (ITS#8566)]
Greetings, SASL developers. I recognize the version of SASL2 I'm using
is long in tooth, but looking at the code, I believe a memory leak I've
encountered is still present in 2.1.26 (latest source I've seen).
The problem from an OpenLDAP client viewpoint is described in detail at:
digestmd5.c sasl_client_start()/sasl_client_step(), when called for a
new SASL DIGEST-MD5 authentication each time after the first such case,
appear to abandon and re-allocate from scratch (without freeing) a
[con]text->out_buf allocated and expanded during the previous
authentication cycle by _plug_buf_alloc() on behalf of add_to_challenge().
In my case, each DIGEST-MD5 authentication after the first leaks 500-600
bytes, regardless of whether sasl_dispose() is called between successive
I suspect, but have not proven, that this is because
"text->out_buf=NULL" appears twice in digestmd5.c, in both
make_client_response() and digestmd5_server_mech_step1(). If both
instances were executed for one authentication cycle, it could produce
the memory leak in question.
The latter instance (in digestmd5_server_mech_step1()) might need to
free any block addressed by the pointer before nullifying it. Sorry I
can't provide a patch or stronger evidence, but the logic here is a bit
complex for a casual onlooker to tackle.
Thanks for your efforts,