[PATCH] Fix problem with sasl_set_mutex

Kurt Zeilenga Kurt.Zeilenga at Isode.com
Wed Sep 24 10:38:39 EDT 2008 

Eric,

I think this patch doesn't offer a general solution to the problem.

The root problem here is that neither Cyrus SASL or OpenLDAP libraries  
are truly reentrant.  Each does offer some amount of thread-safety,  
but are each limited by their design.   Obviously, both libraries  
could be improved by redesigning them to have less, or at least, less  
irritating limitations.

Anyways, all this patch does is changes which caller wins the  
initialization conflict.  Where as before, last initializer won, now  
first initializer wins.  So this patch will lead to same sorts of  
'weird crash' behavior as before when two callers make incompatible  
initializations.

I think you need to rework your program to avoid incompatible  
initialization.  This basically means reworking the code so that only  
one call to sasl_set_mutex is made.  Unfortunately, if you are using  
multiple libraries that each make their own calls to sasl_set_mutex,  
you are kind of screwed. If you only are using one such library (such  
as libldap_r), you need to make sure it's the only caller and that  
it's called early enough for all uses of Cyrus SASL.

Unfortunately, things like NSS and PAM can really cause a lot of  
incompatible initialization that outside the control of the program.

-- Kurt

[resent from subscribed address]

On Sep 20, 2008, at 5:41 AM, Eric Leblond wrote:

> Hi,
>
> When working on NuFW (http://www.nufw.org), I've encounter some  
> weird crash
> when calling sasl_dispose. The problem was in fact a logic problem in
> sasl_set_mutex.
>
> NuFW uses sasl and libldap_r. NuFW has to do a call to sasl_set_mutex
> because it is multithreaded. One of the NuFW module uses libldap_r  
> which
> also does a call to sasl_set_mutex. By doing this, we run into a  
> problem
> because sasl_MUTEX_* function change during run time. Thus we can
> allocate a mutex with NuFW function and destroy it with libldap_r
> function. This lead to a crash in almost all cases.
>
> IMHO, the only clean workaround is to modify sasl_set_mutex(): it  
> should
> not be run twice in the same program. I attach a simple patch to this
> mail which implement this behaviour.
>
> BR,
> -- 
> Eric Leblond
> INL: http://www.inl.fr/
> NuFW: http://www.nufw.org/
> <sasl_set_mutex_fix.diff>

More information about the Cyrus-sasl mailing list