[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: ldap_sasl_interactive_bind_s leaks? (ITS#2423)



On Mon, 14 Apr 2003, Howard Chu wrote:

> > > I think sasl_done() needs to be called during ldap_unbind() and
> > > ldap_int_sasl_init() needs to be called every time
> ldap_init(ialize)()
> > > runs rather than just once.  Please see attached patch.
> My patch also
> > > fixes threadsafe issue in ldap_int_sasl_init().
> >
> > This solution isn't any better. My interpretation of the
> SASL docs is that
> > sasl_done() only needs to be called once, at the end of the
> particular

This is an incorrect interpretation according to the Cyrus team;
sasl_done() is meant to be used multiple times within an application.

However, cyrus bug 1963 is preventing sasl_done() from being used
properly.  The bug is currently being worked on.

> This is probably true until cyrus-sasl bug 1963 is developed.
> sasl_done() clears digest-md5 reauth buffer.  This is what causes the
> leak, the buffer is never cleared.

> > Patch like the one I proposed still needs to be applied to openldap.
>
> No. Your patch masks one problem with another. The DIGEST-MD5 code needs to
> be fixed.
>

I wrote the patch with the above in mind.

Please let me know what an acceptable patch needs to do.

-- 
Igor