Crash when using DIGEST-MD5 with SSF>=128
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
cyrus-sasl2 (Debian) | Fix Released | Unknown | |
cyrus-sasl2 (Ubuntu) | Fix Released | High | Andreas Hasenack |
Bug Description
I'm still troubleshooting this, but at the moment apps negotiating a DIGEST-MD5 authentication and requesting some form of transport encryption (ssf != 0) are crashing. The only example I have so far is the openldap client tools (so just one app really).
ssf=0 works:
$ ldapwhoami -U ubuntu@lxd -w ubuntusecret -O maxssf=0
SASL/DIGEST-MD5 authentication started
SASL username: ubuntu@lxd
SASL SSF: 0
dn:uid=
ssf=128 crashes:
$ ldapwhoami -U ubuntu@lxd -w ubuntusecret -O maxssf=128
SASL/DIGEST-MD5 authentication started
SASL username: ubuntu@lxd
SASL SSF: 128
SASL data security layer installed.
Segmentation fault (core dumped)
The crash seems to be inside openssl. I'll get a proper stack trace.
2.1.27, also built with openssl3, does not crash. So far only 2.1.28 (in kinetic-proposed).
Changed in cyrus-sasl2 (Debian): status: Unknown → New
Changed in cyrus-sasl2 (Debian): status: New → Fix Released
It's also crashing in Debian: https://ci.debian.net/data/autopkgtest/unstable/amd64/p/python-bonsai/21842977/log.gz