[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: ldap_sasl_interactive_bind_s leaks? (ITS#2423)



> -----Original Message-----
> From: Igor Brezac [mailto:igor@ipass.net]

> It turns out cyrus DIGEST-MD5 is not leaking.  Openldap API
> does not call
> sasl_done() to clear cyrus-sasl buffers.  Your ldapsearch.c
> patch includes
> sasl_done(), but I think this is a wrong solution: ldapsearch
> needs to be
> explicitely linked with -lsasl2 and if cyrus sasl is not
> configured with
> openldap, the compile will fail.

You're right, the patch is bad, it should be conditional #ifdef
HAVE_CYRUS_SASL.
>
> I think sasl_done() needs to be called during ldap_unbind() and
> ldap_int_sasl_init() needs to be called every time ldap_init(ialize)()
> runs rather than just once.  Please see attached patch.  My patch also
> fixes threadsafe issue in ldap_int_sasl_init().

This solution isn't any better. My interpretation of the SASL docs is that
sasl_done() only needs to be called once, at the end of the particular
application. The LDAP API doesn't provide a similar ldap_done() function to
cleanup its library, though it certainly needs one. The big problem with your
patch is if any client uses two (or more) LDAP sessions at once with SASL,
calling ldap_unbind on any one of them will tear down the SASL library for
all of them. That's certainly not correct.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support