Stephan Zeisberg wrote:
Hi Howard,

Thanks for the quick reply. Will forward the report upstream to Cyrus SASL.
For reference, this fixes the bug:
vielle:/home/software/cyrus-sasl> git diff
diff --git a/lib/common.c b/lib/common.c
index bc3bf1df..9969d6aa 100644
--- a/lib/common.c
+++ b/lib/common.c
@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t *alloclen,
if (add=3D=3DNULL) add =3D "(null)";
- addlen=3Dstrlen(add); /* only compute once */
+ addlen=3Dstrlen(add)+1; /* only compute once */
if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=3DSASL_OK)
return SASL_NOMEM;
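Review bot: With addlen now counting the terminator, whatever follows this hunk and advances *outlen (not shown here) must not add the full addlen, or the returned length will include the NUL byte; the safer shape is to keep `addlen=strlen(add);` for the length bookkeeping and request the extra byte only at the allocation, `if (_buf_alloc(out, alloclen, (*outlen)+addlen+1)!=SASL_OK)`. The "only compute once" comment also no longer describes what addlen holds, and since the trace shows the overflowing write happening in the caller (sasl_seterror, seterror.c:247), it is worth checking that every other caller of _buf_alloc that later writes a terminator reserves room for it too.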
Git history shows this bug has existed since the code was originally written in
commit 061698456069833e244d66ce33c8f82c2cd63ce3
Author: Rob Siemborski <rjs3(a)andrew.cmu.edu>
Date: Tue Dec 4 01:59:43 2001 +0000

Best

   -Stephan

On 11/28/19 3:54 PM, Howard Chu wrote:
> Resending with the non-printable chars omitted:
>
> Howard Chu wrote:
>> Thanks, but your trace clearly shows that this is a fault in Cyrus SASL, you should be reporting
>> this issue to them.
>>
>> valgrind confirms it as well:
>>
>> 5ddfddde do_bind: dn () SASL mech <garbage>
>> 5ddfddde ==> sasl_bind: dn="" mech=<garbage> datalen=0
>> ==11019== Thread 3:
>> ==11019== Invalid write of size 1
>> ==11019==    at 0x4B9B1DB: sasl_seterror (seterror.c:247)
>> ==11019==    by 0x4B9A18D: sasl_server_start (server.c:1418)
>> ==11019==    by 0x26B88B: slap_sasl_bind (sasl.c:1666)
>> ==11019==    by 0x21E130: fe_op_bind (bind.c:279)
>> ==11019==    by 0x21DCE1: do_bind (bind.c:205)
>> ==11019==    by 0x1F35BA: connection_operation (connection.c:1185)
>> ==11019==    by 0x1F3CE7: connection_read_thread (connection.c:1342)
>> ==11019==    by 0x35DFF9: ldap_int_thread_pool_wrapper (tpool.c:1048)
>> ==11019==    by 0x4DBE668: start_thread (pthread_create.c:479)
>> ==11019==    by 0x4EFA322: clone (clone.S:95)
>> ==11019==  Address 0x62032a8 is 0 bytes after a block of size 600 alloc'd
>> ==11019==    at 0x483CFAF: realloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
>> ==11019==    by 0x4B930A4: _buf_alloc (common.c:2186)
>> ==11019==    by 0x4B93299: _sasl_add_string (common.c:196)
>> ==11019==    by 0x4B9B2D4: sasl_seterror (seterror.c:187)
>> ==11019==    by 0x4B9A18D: sasl_server_start (server.c:1418)
>> ==11019==    by 0x26B88B: slap_sasl_bind (sasl.c:1666)
>> ==11019==    by 0x21E130: fe_op_bind (bind.c:279)
>> ==11019==    by 0x21DCE1: do_bind (bind.c:205)
>> ==11019==    by 0x1F35BA: connection_operation (connection.c:1185)
>> ==11019==    by 0x1F3CE7: connection_read_thread (connection.c:1342)
>> ==11019==    by 0x35DFF9: ldap_int_thread_pool_wrapper (tpool.c:1048)
>> ==11019==    by 0x4DBE668: start_thread (pthread_create.c:479)
>> ==11019==
>> ==11019== Invalid read of size 1
>> ==11019==    at 0x483DF54: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
>> ==11019==    by 0x4E53DE4: __vfprintf_internal (vfprintf-internal.c:1688)
>> ==11019==    by 0x4E67029: __vsnprintf_internal (vsnprintf.c:114)
>> ==11019==    by 0x3A1FFA: lutil_debug (debug.c:74)
>> ==11019==    by 0x266FF3: slap_sasl_log (sasl.c:146)
>> ==11019==    by 0x4B9B4CF: sasl_seterror (seterror.c:260)
>> ==11019==    by 0x4B9A18D: sasl_server_start (server.c:1418)
>> ==11019==    by 0x26B88B: slap_sasl_bind (sasl.c:1666)
>> ==11019==    by 0x21E130: fe_op_bind (bind.c:279)
>> ==11019==    by 0x21DCE1: do_bind (bind.c:205)
>> ==11019==    by 0x1F35BA: connection_operation (connection.c:1185)
>> ==11019==    by 0x1F3CE7: connection_read_thread (connection.c:1342)
>> ==11019==  Address 0x62032a8 is 0 bytes after a block of size 600 alloc'd
>> ==11019==    at 0x483CFAF: realloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
>> ==11019==    by 0x4B930A4: _buf_alloc (common.c:2186)
>> ==11019==    by 0x4B93299: _sasl_add_string (common.c:196)
>> ==11019==    by 0x4B9B2D4: sasl_seterror (seterror.c:187)
>> ==11019==    by 0x4B9A18D: sasl_server_start (server.c:1418)
>> ==11019==    by 0x26B88B: slap_sasl_bind (sasl.c:1666)
>> ==11019==    by 0x21E130: fe_op_bind (bind.c:279)
>> ==11019==    by 0x21DCE1: do_bind (bind.c:205)
>> ==11019==    by 0x1F35BA: connection_operation (connection.c:1185)
>> ==11019==    by 0x1F3CE7: connection_read_thread (connection.c:1342)
>> ==11019==    by 0x35DFF9: ldap_int_thread_pool_wrapper (tpool.c:1048)
>> ==11019==    by 0x4DBE668: start_thread (pthread_create.c:479)
>>
>>
>>
>>
>

-- 
-- Howard Chu
CTO, Symas Corp.
http://www.symas.com
Director, Highland Sun
http://highlandsun.com/hyc/
Chief Architect, OpenLDAP
http://www.openldap.org/project/
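The off-by-one discussed in the thread, as an added example that is not part of the original messages and not Cyrus SASL or OpenLDAP code: a small model of the growable error-string buffer behind sasl_seterror() -> _sasl_add_string() -> _buf_alloc(). The function names buf_alloc/add_string/terminator_overflow, the "grow to exactly the requested size" allocation policy, and the error-message fragments are assumptions made here for illustration; the real library's growth policy is not shown in the thread. Rather than performing the out-of-bounds write, the model records how far past the allocation the caller's NUL write would land, which is the "0 bytes after a block" that valgrind reports.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not Cyrus SASL code. Models the accumulate-then-terminate
 * pattern: each append grows the buffer for the content only, and the
 * caller writes the NUL afterwards. Assumed simplification: buf_alloc()
 * grows to exactly the requested size. */
struct strbuf {
    char   *data;
    size_t  alloclen;  /* bytes really allocated */
    size_t  outlen;    /* bytes of content, not counting the NUL */
    size_t  overflow;  /* worst distance a NUL write would land past the block */
};

/* Grow the buffer so that at least 'need' bytes are allocated. */
static int buf_alloc(struct strbuf *b, size_t need)
{
    if (b->alloclen >= need) return 0;
    char *p = realloc(b->data, need);
    if (p == NULL) return -1;
    b->data = p;
    b->alloclen = need;
    return 0;
}

/* Append 'add'. count_nul == 0 reproduces the pre-patch accounting
 * (addlen = strlen(add)); count_nul != 0 reproduces the patched one
 * (addlen = strlen(add) + 1). Only the allocation request differs. */
static int add_string(struct strbuf *b, const char *add, int count_nul)
{
    if (add == NULL) add = "(null)";
    size_t len = strlen(add);
    size_t addlen = len + (count_nul ? 1 : 0);
    if (buf_alloc(b, b->outlen + addlen) != 0) return -1;
    if (len) memcpy(b->data + b->outlen, add, len);
    b->outlen += len;
    /* The caller's terminator goes to data[outlen]. Check the bound
     * instead of writing blindly, and remember the worst overshoot. */
    if (b->outlen < b->alloclen) {
        b->data[b->outlen] = '\0';
    } else {
        size_t past = b->outlen - b->alloclen + 1;
        if (past > b->overflow) b->overflow = past;
    }
    return 0;
}

/* Build a message from 'parts' and return how many bytes past the
 * allocation the terminator write would land; 0 means no overflow,
 * (size_t)-1 means allocation failure. */
size_t terminator_overflow(const char *const parts[], size_t nparts, int count_nul)
{
    struct strbuf b = { NULL, 0, 0, 0 };
    for (size_t i = 0; i < nparts; i++) {
        if (add_string(&b, parts[i], count_nul) != 0) {
            free(b.data);
            return (size_t)-1;
        }
    }
    free(b.data);
    return b.overflow;
}

/* Constructed input (assumed, not taken from the thread): a client-supplied
 * mechanism name such as the "<garbage>" in the trace, spliced into an
 * error message, plus a NULL part to exercise the "(null)" substitution. */
size_t demo_overflow(int count_nul)
{
    const char *const parts[] = { "SASL(-4): no mechanism available: ", "<garbage>", NULL };
    return terminator_overflow(parts, 3, count_nul);
}

int main(void)
{
    printf("pre-patch accounting: NUL lands %zu byte(s) past the block\n", demo_overflow(0));
    printf("patched accounting:   NUL lands %zu byte(s) past the block\n", demo_overflow(1));
    return 0;
}
```

With the exact-size policy the pre-patch accounting overshoots by one byte on every append; with an allocator that rounds up, the same bug only fires when the accumulated length lands exactly on the allocation boundary, which is why a fuzzed mechanism name of a particular length (the trace shows a 600-byte block) is what exposes it. Since the mechanism name in an LDAP bind is chosen by the unauthenticated client, that length is attacker-controlled.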