On Thu, Apr 13, 2006 at 04:05:56PM +0200, Marcel Holtmann wrote: > Hi Alexey, > > > >the advisory speaks about cyrus-sasl-2.1.18 and is really vague. Can you > > >tell us when it got fixed and point to actual patch in the CVS. I assume > > >that this issue has already been fixed in version 2.1.20, but I might be > > >wrong. > > > > > > > > Yes, 2.1.20 should do. 2.1.21 doesn't segfault. I didn't test any > > versions in between. > > can you point us to the fix in the CVS for this problem, it would be > terrific to know for sure how it has been fixed. It is apparently: https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c.diff?r1=1.173&r2=1.175 (Thanks to the guy who mailed me off-list ;) > Do you also have some code for testing this, so we can verify this > problem by ourself? Lack of realm component can cause a NULL pointer deref (I think). Ciao, Marcus
