carddav with DIGEST-MD5

Ken Murchison murch at
Wed Jul 23 10:55:34 EDT 2014

Hi Johan,

I believe this issue is fixed by the following commit:

BTW, which CardDAV client is using Digest?

On 07/22/2014 01:48 PM, Johan Hattne wrote:
> While PLAIN authentication works fine, I had the https daemon crash during DIGEST-MD5 authentication.  The crash turned out to be a divide error in libdigestmd5 from cyrus-sasl.  In particular (in cyrus-sasl’s plugins/digestmd5.c):
>    /* Create an initial cache entry for non-persistent HTTP connections */
>    unsigned val = hash((char *) nonce) % text->reauth->size;
> would fail due to text->reauth->size being zero.  If I’m reading this correctly, this appears to be the effect of initializing the plugin (as done in digestmd5_server_plug_init(), defined in same file as the snippet above) with an undefined reauth_timeout.  And indeed, adding "sasl_reauth_timeout: 10” to /etc/imapd.conf makes the crash go away.
> I didn’t expect a configuration without reauth_timeout to crash imapd, but I haven’t done enough research to be sure, nor to tell where the problem lies should this be a real issue.  Any further insight is greatly appreciated!
> // Cheers; Johan
> ----
> Cyrus Home Page:
> List Archives/Info:
> To Unsubscribe:

Kenneth Murchison
Principal Systems Software Engineer
Carnegie Mellon University

More information about the Info-cyrus mailing list