Hello to all readers! Are there any known problems with the DIGEST-MD5 (CRAM-MD5?) authentication mechanisms in Cyrus SASL 1.5.27 that comes with SuSE 8.0? When i use DIGEST-MD5 to authenticate a SuSE 8.0 box (sendmail 8.12.2/8.12.3) against a sendmail 8.12.2 Server on SuSE 7.3 the network connection breaks. Authentication via the LOGIN mechanism works fine and i am pretty sure that it is not a configuration problem. Also, the cyradm tool for the Cyrus IMAPD does not work well on 8.0 (also uses DIGEST-MD5 to authenticate against the IMAPD). Did anyone here encounter similar problems? TIA -- Best regards / Mit freundlichen Gruessen, Andreas Amann < andreas.amann@epost.de > =========================================
On Mon, 15 Apr 2002, Andreas Amann wrote:
Hello to all readers!
Are there any known problems with the DIGEST-MD5 (CRAM-MD5?) authentication mechanisms in Cyrus SASL 1.5.27 that comes with SuSE 8.0?
When i use DIGEST-MD5 to authenticate a SuSE 8.0 box (sendmail 8.12.2/8.12.3) against a sendmail 8.12.2 Server on SuSE 7.3 the network connection breaks. Authentication via the LOGIN mechanism works fine and i am pretty sure that it is not a configuration problem. Also, the cyradm tool for the Cyrus IMAPD does not work well on 8.0 (also uses DIGEST-MD5 to authenticate against the IMAPD). Did anyone here encounter similar problems?
Btw.: only DIGEST-MD5 is affected by this. I posted this question to comp.mail.sendmail today. For completeness and your information i forward the response from Claus Assmann <ca+sendmail@mine.informatik.uni-kiel.de> here. Thanks to all the friendly people who answered to this question!!! -------------------------------------------------------------------- Claus Assmann <ca+sendmail@mine.informatik.uni-kiel.de> wrote: Most likely a problem with SASL 1.5.27. I sent some patches for dealing with malloc()/free() to CMU, maybe they will release 1.5.28. If you want to test the patches, here they are (see the XYZ below, it may require another change). *** lib/server.c.orig Sun Mar 17 06:46:41 2002 --- lib/server.c Sun Mar 17 06:47:24 2002 *************** *** 701,707 **** SASL_FAIL, 0, "couldn't identify flag '%s'", t); } ! free(t); } /* insert mechanism into mechlist */ --- 701,707 ---- SASL_FAIL, 0, "couldn't identify flag '%s'", t); } ! sasl_FREE(t); } /* insert mechanism into mechlist */ *** plugins/cram.c.orig Sun Mar 17 06:50:49 2002 --- plugins/cram.c Sun Mar 17 06:55:09 2002 *************** *** 601,607 **** memcpy(&version, sec->data, 4); version = ntohl(version); } ! free(sec); } if (version != CRAM_MD5_VERSION) { --- 601,607 ---- memcpy(&version, sec->data, 4); version = ntohl(version); } ! utils->free(sec); } if (version != CRAM_MD5_VERSION) { *** plugins/digestmd5.c.orig Sun Mar 17 06:51:51 2002 --- plugins/digestmd5.c Sun Mar 17 06:56:04 2002 *************** *** 1900,1905 **** --- 1900,1906 ---- if ((text->size > 0xFFFF) || (text->size < 0)) return SASL_FAIL; /* too big probably error */ + /* XYZ why not text->free/text->alloc ??? */ free(text->buffer); text->buffer = malloc(text->size); } *************** *** 2742,2748 **** memcpy(&tmpversion, sec->data, 4); tmpversion = ntohl(tmpversion); } ! free(sec); } if (result == SASL_NOUSER || result == SASL_FAIL) { return result; --- 2743,2749 ---- memcpy(&tmpversion, sec->data, 4); tmpversion = ntohl(tmpversion); } ! utils->free(sec); } if (result == SASL_NOUSER || result == SASL_FAIL) { return result; *** plugins//kerberos4.c.orig Sun Mar 17 06:54:08 2002 --- plugins//kerberos4.c Sun Mar 17 06:54:11 2002 *************** *** 446,452 **** *output = text->realloc(*output, *outputlen+extralen); memcpy(*output+*outputlen, extra, extralen); *outputlen+=extralen; ! free(extra); } } --- 446,452 ---- *output = text->realloc(*output, *outputlen+extralen); memcpy(*output+*outputlen, extra, extralen); *outputlen+=extralen; ! text->free(extra); } } -- Best regards / Mit freundlichen Gruessen, Andreas Amann < andreas.amann@epost.de > =========================================
participants (1)
-
Andreas Amann