Julien ÉLIE wrote:
Hi Ken,
Thanks for this new release.
Major fixes in Cyrus SASL 2.1.25:
* Fixed a crash caused by aborted SASL authentication
and initiation of another one using the same SASL context.
Is it related to the use of "*" by a client?
In some variants of authentication the problem was caused by "*", yes.
I remembered having changed how INN handles SASL negotiations because
the SASL server did not work well after an authentication failure.
http://inn.eyrie.org/trac/changeset/8045
Restart the SASL server after authentication failure.
-> run sasl_dispose() followed by sasl_server_new() after the
client sends "*" or the authentication failed.
Does it mean that this patch is no longer necessary with Cyrus SASL
2.1.25?
I think this patch should stay and it is safe.
Also, is this bug now fixed?
http://inn.eyrie.org/trac/changeset/8044
It appears that sasl_decode64() returns SASL_CONTINUE instead of
SASL_BADPROT when there is a base64-encoding error.
sasl_decode64 can return a number of error codes (SASL_BUFOVER is
another one) and relying that it will always returns SASL_BADPROT is a
bad coding practice, IMHO. Everything != SASL_OK should be treated with
the exception of SASL_CONTINUE. SASL_CONTINUE is only returned when
there is an incomplete base64 string. Whether this is an error or not,
it depends on the application. I.e. if there is no more data coming,
then it is an error.
