Multiple crashes in cyrus-imapd-3.0.1 (httpd)
fritz at fritz-elfert.de
Wed May 10 15:09:07 EDT 2017
On 10.05.2017 18:45, Ken Murchison wrote:
>> ***It would be interesting to know, what the original author of that
>> suspicious line in httpd.c had intended.***
> Setting maxbufsize to zero disables integrity and security protection
> since no HTTP client that I found uses qop=auth-int
Which cyrus-sasl version did you use?
At least *here* using *Fedoras* packaged cyrus-sasl-2.1.26 (which
admittingly turned out to be heavily patched by RedHat - for security?),
the invocation of either
sasl_setprop(httpd_saslconn, SASL_SEC_PROPS, secprops)
sasl_setprop(httpd_saslconn, SASL_SSF_EXTERNAL, &extprops_ssf)
returns a value != SASL_OK.
Both printed the same error message (changes with my pull request) which
is why I can't tell which one failed (most likely the first one though).
If you like to have a look at RedHat's patches to cyrus-sasl-2.1.26, you
can browse them here:
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 181 bytes
Desc: OpenPGP digital signature
More information about the Cyrus-devel