Cyrus SASL 2.1.25 Released
alexey.melnikov at isode.com
Thu Sep 15 04:49:54 EDT 2011
Julien ÉLIE wrote:
> Hi Ken,
> Thanks for this new release.
>> Major fixes in Cyrus SASL 2.1.25:
>> * Fixed a crash caused by aborted SASL authentication
>> and initiation of another one using the same SASL context.
> Is it related to the use of "*" by a client?
In some variants of authentication the problem was caused by "*", yes.
> I remembered having changed how INN handles SASL negotiations because
> the SASL server did not work well after an authentication failure.
> Restart the SASL server after authentication failure.
> -> run sasl_dispose() followed by sasl_server_new() after the
> client sends "*" or the authentication failed.
> Does it mean that this patch is no longer necessary with Cyrus SASL
I think this patch should stay and it is safe.
> Also, is this bug now fixed?
> It appears that sasl_decode64() returns SASL_CONTINUE instead of
> SASL_BADPROT when there is a base64-encoding error.
sasl_decode64 can return a number of error codes (SASL_BUFOVER is
another one) and relying that it will always returns SASL_BADPROT is a
bad coding practice, IMHO. Everything != SASL_OK should be treated with
the exception of SASL_CONTINUE. SASL_CONTINUE is only returned when
there is an incomplete base64 string. Whether this is an error or not,
it depends on the application. I.e. if there is no more data coming,
then it is an error.
More information about the Cyrus-sasl