patch: fix sql plugin crash
Matt Selsky
selsky at columbia.edu
Tue Oct 28 09:58:28 EDT 2008
On Tue, Oct 28, 2008 at 04:37:22PM +0300, Maxim Gorbachyov wrote:
> Hello.
> There is a bug in the sql plugin of the cyrus-sasl library.
> First, description. Here is relevant piece from my config:
>
> pwcheck_method: auxprop
> auxprop_plugin: sql
> sql_engine: sqlite
> sql_database: my.db
> sql_select: SELECT pwd FROM users WHERE login = '%u'
> sql_verbose: yes
>
> I get SEGFAULTs when user with unknown login attempts to authorise.
> I've found that sql_auxprop_lookup() uses 'value' and (most important)
> 'value_len' without previous initialization. Sqlite backend does not
> change value_len if nothing was read from db. So we get
> utils->prop_set() accessing random memory.
>
> Proposed patch (see attachment) initializes 'value' and 'value_len'
> with zeroes. It works for me.
Please add this to bugzilla so we don't lose track of it.
--
Matt
More information about the Cyrus-devel
mailing list