[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: I think there's a bug with p->sasl_maxbuf in cyrus.c

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Dave Snoopy

> Hi All,
> I think there's a bug with p->sasl_maxbuf in cyrus.c.
> I'll explain what I think the bug is first, and then
> explain how I came across it afterward.

> In either case, the incorrect parsing of the field
> resulted in a server buffer size which was lower than
> the packet sizes that I was actually receiving from
> the server. I didn't think that this should really
> matter, since I send very small packets (requests) to
> the server anyway. Researching this problem led me to
> the OpenLDAP find.

Perhaps there's a bug here. The Cyrus code has changed enough times that we
may have missed something. But the SASL RFCs (see RFC 2222 and 2831) specify
that both the client and the server send each other a maxbuf value, and I
presume that we have to honor it. A comment was made at one time that the
SASL library insures this itself, so perhaps we can remove those checks. I've
found that relying on the Cyrus SASL library to Do The Right Thing has often
led to frustration... Maybe you should submit a new ITS for this if you
actually want someone to investigate it.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support