Multiple crashes in cyrus-imapd-3.0.1 (httpd)

Fritz Elfert fritz at fritz-elfert.de
Wed May 10 15:09:07 EDT 2017


On 10.05.2017 18:45, Ken Murchison wrote:

[...]
>> ***It would be interesting to know what the original author of that
>> suspicious line in httpd.c had intended.***
> 
> Setting maxbufsize to zero disables integrity and security protection
> since no HTTP client that I found uses qop=auth-int
> 
> 
Which cyrus-sasl version did you use?

At least *here*, using *Fedora's* packaged cyrus-sasl-2.1.26 (which
admittedly turned out to be heavily patched by Red Hat - for security?),
the invocation of either

sasl_setprop(httpd_saslconn, SASL_SEC_PROPS, secprops)

or

sasl_setprop(httpd_saslconn, SASL_SSF_EXTERNAL, &extprops_ssf)

returns a value != SASL_OK.

Both printed the same error message (changes with my pull request) which
is why I can't tell which one failed (most likely the first one though).

If you'd like to have a look at Red Hat's patches to cyrus-sasl-2.1.26, you
can browse them here:

https://build.opensuse.org/package/show/home:felfert/cyrus-sasl

Cheers
 -Fritz


More information about the Cyrus-devel mailing list