carddav with DIGEST-MD5

Johan Hattne johan at
Tue Jul 22 13:48:34 EDT 2014

While PLAIN authentication works fine, I had the https daemon crash during DIGEST-MD5 authentication.  The crash turned out to be a divide error in libdigestmd5 from cyrus-sasl.  In particular (in cyrus-sasl’s plugins/digestmd5.c):

  /* Create an initial cache entry for non-persistent HTTP connections */
  unsigned val = hash((char *) nonce) % text->reauth->size;

would fail due to text->reauth->size being zero.  If I’m reading this correctly, this appears to be the effect of initializing the plugin (as done in digestmd5_server_plug_init(), defined in same file as the snippet above) with an undefined reauth_timeout.  And indeed, adding "sasl_reauth_timeout: 10” to /etc/imapd.conf makes the crash go away.

I didn’t expect a configuration without reauth_timeout to crash imapd, but I haven’t done enough research to be sure, nor to tell where the problem lies should this be a real issue.  Any further insight is greatly appreciated!

// Cheers; Johan

More information about the Info-cyrus mailing list