Re: SASL leak in slapd (ITS#1952)



Not sure which version of SASL exactly, the library version is 2.2.0.1.
Jason? (This is regarding Radar 2997100.)

Probably a Cyrus problem, though.

-- Luke

>From: Howard Chu <openldap-its@OpenLDAP.org>
>Subject: Re: SASL leak in slapd (ITS#1952)
>To: lukeh@padl.com
>Date: Mon, 5 Aug 2002 17:49:18 GMT
>
>Which version of Cyrus SASL? Which SASL mechanism?
>
>In Cyrus 1.5.28 the DIGEST-MD5 mechanism leaks 3 blocks per bind for a total of
>532 bytes per bind due to the RC4 encryption context. (2 264-byte blocks for the
>RC4 enc/dec context, not sure where the 4-byte digest_strdup leaked from.) There
>are probably many more, but these should be reported to the Cyrus bug lists.
>

--
Luke Howard | lukehoward.com
PADL Software | www.padl.com