patch for hang in "saslauthd -a rimap"

Robert Sanderson rwsiv1 at gmail.com
Thu Jan 3 13:04:59 EST 2008


Hello,

I was finding that saslauthd (using rimap) would occasionally hang and 
consume all available CPU time.  After considerable investigation (and 
after capturing lots of network traffic), I found that this occurred 
when a user had a double quote (") character in their password.  Further 
testing with testsaslauthd revealed the same behavior.  This problem 
would occur any time the user name or password had any double quote 
characters.  This can lead to a remote DoS, as neither the user name nor 
the password need to be valid; they just need to contain a (").

I found the source of the issue in saslauthd/auth_rimap.c.  It appears 
that the code is searching for the (") character and upon finding it, 
gets stuck in a loop.  I also found errors in the use of the memset() 
function later in the same file.  This problem appears to affect all 
recent versions of cyrus-sasl.  I can confirm that I have found the 
problem in 2.1.19, 2.1.20, and 2.1.22 on both Linux and OpenBSD.

To assist others, I have attached the patch that I created.  
Unfortunately, I don't know what the official mechanism is for 
submitting patches.  I hope that this would be the appropriate place to 
start.

Regards,

-Bob


-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: cyrus-sasl-2.1.22-p1.patch
Url: https://lists.andrew.cmu.edu/mailman/private/cyrus-sasl/attachments/20080103/2ecef69a/attachment.ksh 
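
The failure mode described in the message above is a scan for (") that stops making progress once it finds one. The C function below is an added example, not the attached patch and not cyrus-sasl code, showing a quoting routine whose cursor advances on every iteration. The name imap_qstring and the choice to reject CR/LF rather than fall back to an IMAP literal are assumptions of this example.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from cyrus-sasl): return a malloc'ed IMAP
 * quoted string for s, or NULL if s cannot be sent as a quoted string
 * (CR or LF present) or allocation fails. The caller frees the result. */
char *imap_qstring(const char *s)
{
    size_t len = 0, extra = 0;
    const char *p;
    char *out, *q;

    /* Sizing pass. The cursor moves forward one byte per iteration, so
     * the loop ends at the NUL however many quotes the input holds. */
    for (p = s; *p != '\0'; p++) {
        if (*p == '\r' || *p == '\n')
            return NULL;            /* would need an IMAP literal */
        if (*p == '"' || *p == '\\')
            extra++;                /* gets a backslash in front */
        len++;
    }

    /* extra <= len, so the buffer is at most 2*len + 3 bytes
     * (two surrounding quotes plus the NUL); refuse if that wraps. */
    if (len > ((size_t)-1 - 3) / 2)
        return NULL;
    out = malloc(len + extra + 3);
    if (out == NULL)
        return NULL;

    /* Copy pass: same forward-only cursor, escaping as it goes. */
    q = out;
    *q++ = '"';
    for (p = s; *p != '\0'; p++) {
        if (*p == '"' || *p == '\\')
            *q++ = '\\';
        *q++ = *p;
    }
    *q++ = '"';
    *q = '\0';
    return out;
}
```

A regression check for this class of bug is to run the quoting routine over user names and passwords made only of (") characters under a time limit, since the symptom reported here was a spin at full CPU rather than a crash.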

