[PATCH] Fix problem with sasl_set_mutex

Alexey Melnikov alexey.melnikov at isode.com
Thu Sep 25 12:33:33 EDT 2008 

Kurt Zeilenga wrote:

> I think I've changed my mind regarding this patch.
>
> At least with first caller wins, the function pointers don't bounce  
> around as they presently do.

I think I can do a better patch. sasl_set_mutex should be allowed to be 
called any number of times, as long as these calls are before the first 
sasl_client_init/sasl_server_init call.

> -- Kurt
>
> On Sep 24, 2008, at 7:38 AM, Kurt Zeilenga wrote:
>
>> Eric,
>>
>> I think this patch doesn't offer a general solution to the problem.
>>
>> The root problem here is that neither Cyrus SASL or OpenLDAP  
>> libraries are truly reentrant.  Each does offer some amount of  
>> thread-safety, but are each limited by their design.   Obviously,  
>> both libraries could be improved by redesigning them to have less,  
>> or at least, less irritating limitations.
>>
>> Anyways, all this patch does is changes which caller wins the  
>> initialization conflict.  Where as before, last initializer won, now  
>> first initializer wins.  So this patch will lead to same sorts of  
>> 'weird crash' behavior as before when two callers make incompatible  
>> initializations.
>>
>> I think you need to rework your program to avoid incompatible  
>> initialization.  This basically means reworking the code so that  
>> only one call to sasl_set_mutex is made.  Unfortunately, if you are  
>> using multiple libraries that each make their own calls to  
>> sasl_set_mutex, you are kind of screwed. If you only are using one  
>> such library (such as libldap_r), you need to make sure it's the  
>> only caller and that it's called early enough for all uses of Cyrus  
>> SASL.
>>
>> Unfortunately, things like NSS and PAM can really cause a lot of  
>> incompatible initialization that outside the control of the program.
>>
>> -- Kurt
>>
>> [resent from subscribed address]
>>
>> On Sep 20, 2008, at 5:41 AM, Eric Leblond wrote:
>>
>>> Hi,
>>>
>>> When working on NuFW (http://www.nufw.org), I've encounter some  
>>> weird crash
>>> when calling sasl_dispose. The problem was in fact a logic problem in
>>> sasl_set_mutex.
>>>
>>> NuFW uses sasl and libldap_r. NuFW has to do a call to sasl_set_mutex
>>> because it is multithreaded. One of the NuFW module uses libldap_r  
>>> which
>>> also does a call to sasl_set_mutex. By doing this, we run into a  
>>> problem
>>> because sasl_MUTEX_* function change during run time. Thus we can
>>> allocate a mutex with NuFW function and destroy it with libldap_r
>>> function. This lead to a crash in almost all cases.
>>>
>>> IMHO, the only clean workaround is to modify sasl_set_mutex(): it  
>>> should
>>> not be run twice in the same program. I attach a simple patch to this
>>> mail which implement this behaviour.
>>>
>>> BR,
>>> -- 
>>> Eric Leblond
>>> INL: http://www.inl.fr/
>>> NuFW: http://www.nufw.org/
>>> <sasl_set_mutex_fix.diff>
>>
>>
>

More information about the Cyrus-sasl mailing list