
SASL 2.0.25 libdigestmd5 memory leak [OpenLDAP (ITS#8566)]



Greetings, SASL developers.  I recognize the version of SASL2 I'm using 
is long in the tooth, but looking at the code, I believe a memory leak I've 
encountered is still present in 2.1.26 (latest source I've seen).

The problem from an OpenLDAP client viewpoint is described in detail at:

http://www.OpenLDAP.org/its/index.cgi?findid=8566

digestmd5.c sasl_client_start()/sasl_client_step(), when called for a 
new SASL DIGEST-MD5 authentication each time after the first such case, 
appear to abandon and re-allocate from scratch (without freeing) a 
[con]text->out_buf allocated and expanded during the previous 
authentication cycle by _plug_buf_alloc() on behalf of add_to_challenge().

In my case, each DIGEST-MD5 authentication after the first leaks 500-600 
bytes, regardless of whether sasl_dispose() is called between successive 
authentications.

I suspect, but have not proven, that this is because 
"text->out_buf=NULL" appears twice in digestmd5.c, in both 
make_client_response() and digestmd5_server_mech_step1().  If both 
instances were executed for one authentication cycle, it could produce 
the memory leak in question.

The latter instance (in digestmd5_server_mech_step1()) might need to 
free any block addressed by the pointer before nullifying it.  Sorry I 
can't provide a patch or stronger evidence, but the logic here is a bit 
complex for a casual onlooker to tackle.

Thanks for your efforts,
Bill Clay
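
The kind of leak the message suspects (a context's out_buf pointer reset to NULL without freeing the block, which is then regrown on demand) as a self-contained C example with a byte-counting allocator. This is an added illustration, not Cyrus SASL code and not part of the original message; `ctx_t`, `append()`, `auth_cycle()`, `leaked_after()` and the response strings are hypothetical, constructed names and data.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a mechanism context; not the Cyrus SASL struct. */
typedef struct { char *out_buf; size_t out_buf_len; } ctx_t;
static long live_bytes;  /* bytes obtained by append() and not yet freed */
static struct { void *p[64]; int n; } orphans;  /* abandoned blocks, kept so the demo can free them */

/* Append s, growing out_buf on demand as a _plug_buf_alloc()-style helper would. */
static int append(ctx_t *c, size_t *used, const char *s) {
    size_t n = strlen(s), need = *used + n + 1;
    size_t old = c->out_buf ? c->out_buf_len : 0;
    if (old < need) {
        char *p = realloc(c->out_buf, need);
        if (!p) return -1;
        live_bytes += (long)(need - old);
        c->out_buf = p;
        c->out_buf_len = need;
    }
    memcpy(c->out_buf + *used, s, n + 1);
    *used += n;
    return 0;
}

/* One authentication cycle; free_first != 0 selects the corrected behaviour. */
static int auth_cycle(ctx_t *c, int free_first) {
    size_t used = 0;
    if (c->out_buf && free_first) {
        live_bytes -= (long)c->out_buf_len;
        free(c->out_buf);                      /* release before resetting */
    } else if (c->out_buf) {
        orphans.p[orphans.n++] = c->out_buf;   /* leaky path: block is abandoned */
    }
    c->out_buf = NULL;                         /* the "out_buf=NULL" style reset */
    return append(c, &used, "username=\"user\",") ||
           append(c, &used, "realm=\"example.test\",") ||
           append(c, &used, "nonce=\"constructed-sample-nonce\"");
}

/* Run n cycles (at most 64), dispose once, return the bytes never released. */
long leaked_after(int n, int free_first) {
    ctx_t c = {0};
    live_bytes = 0;
    for (int i = 0; i < n && i < 64; i++)
        if (auth_cycle(&c, free_first)) return -1;
    live_bytes -= (long)c.out_buf_len;         /* dispose frees only the current block */
    free(c.out_buf);
    while (orphans.n > 0) free(orphans.p[--orphans.n]);  /* demo cleanup */
    return live_bytes;
}
```

With `free_first` set to 0, `leaked_after()` grows by one buffer's worth of bytes for every cycle after the first, even though the final buffer is disposed; with `free_first` set to 1 it stays at zero.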