patch: fix sql plugin crash on athorisation with unknown login
maxim.gorbachyov at gmail.com
Fri Oct 10 06:49:14 EDT 2008
I use sql plugin with sqlite backend. Relevant config piece:
sql_select: SELECT pwd FROM users WHERE login = '%u'
I got SEGFAULTs on user with unknown login authorisation attempts.
I've found sql_auxprop_lookup() using 'value' and (most important)
'value_len' without previous initialization. Sqlite backend does not
change value_len if nothing was read from db. So we get
utils->prop_set() accessing random memory. If we are lucky, it's
within allocated 8192 bytes of 'value', but it's garbage. If we are
more lucky, we see SEGFAULTs and discover a bug.
Proposed patch (see attachment) initializes 'value' and 'value_len'
with zeroes. It works for me.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 577 bytes
Desc: not available
Url : http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20081010/5be31fc0/attachment.obj
More information about the Cyrus-sasl