patch: fix sql plugin crash

Alexey Melnikov alexey.melnikov at
Tue Oct 28 15:32:24 EDT 2008

Maxim Gorbachyov wrote:

>There is a bug in the sql plugin of the cyrus-sasl library.
>First, description. Here is relevant piece from my config:
>pwcheck_method: auxprop
>auxprop_plugin: sql
>sql_engine: sqlite
>sql_database: my.db
>sql_select: SELECT pwd FROM users WHERE login = '%u'
>sql_verbose: yes
>I get SEGFAULTs when user with unknown login attempts to authorise.
>I've found that sql_auxprop_lookup() uses 'value' and (most important)
>'value_len' without previous initialization. Sqlite backend does not
>change value_len if nothing was read from db. So we get
>utils->prop_set() accessing random memory.
>Proposed patch (see attachment) initializes 'value' and 'value_len'
>with zeroes. It works for me.
This looks reasonable.

However, I am wondering if the following line:

+    memset(value, 0, sizeof(value));

can be replaced with:

+    value[0] = '\0';

Can you test?

Also, please add this to bugzilla, if you haven't yet.

More information about the Cyrus-devel mailing list