Phil Pennock wrote:
Folks,
Hi Phil,
Upgraded Cyrus-SASL via FreeBSD ports from 2.1.23 to 2.1.25 and mutt
started seg-faulting on authentication to my (cyrus) IMAP server.
Rebuilt mutt, etc, confirmed the usual suspects, but every time, a crash
on:
#0 0x000000080399e0c6 in sasl_gss_encode (context=0x802bfdc80, invec=Variable "invec" is not available.
) at gssapi.c:387
387 p[0] = (output_token->length>>24) & 0xFF;
p was always NULL.
Looked, and on a hunch tried a modification, attached as a patch; it
worked. What I suspect is happening is that _plug_buf_alloc() can
change the value of text->encode_buf, which is why the API takes its
address; thus taking a copy of it and putting it in "p" beforehand is a
mistake.
Unless p needs to be the original one, but since this patch works, I
suspect not. But I'm not familiar with the code, so am not 100% sure.
I think your patch is correct. I will commit.
Thanks for doing that.
Best Regards,
Alexey
I can believe that the behaviour and likelihood of realloc (or having a
NULL in the first place) depends upon the GSSAPI library implementation,
which might be why this hasn't shown up for others? I'm using Heimdal
1.4.
-Phil
