Public bug reported:

I'm still troubleshooting this, but at the moment apps negotiating a
DIGEST-MD5 authentication and requesting some form of transport
encryption (ssf != 0) are crashing. The only example I have so far is
the openldap client tools (so just one app really).

ssf=0 works:
$ ldapwhoami  -U ubuntu@lxd -w ubuntusecret -O maxssf=0
SASL/DIGEST-MD5 authentication started
SASL username: ubuntu@lxd
SASL SSF: 0
dn:uid=ubuntu@lxd,cn=vms,cn=digest-md5,cn=auth


ssf=128 crashes:
$ ldapwhoami  -U ubuntu@lxd -w ubuntusecret -O maxssf=128
SASL/DIGEST-MD5 authentication started
SASL username: ubuntu@lxd
SASL SSF: 128
SASL data security layer installed.
Segmentation fault (core dumped)

The crash seems to be inside openssl. I'll get a proper stack trace.

2.1.27, also built with openssl3, does not crash. So far only 2.1.28 (in
kinetic-proposed).

** Affects: cyrus-sasl2 (Ubuntu)
     Importance: High
     Assignee: Andreas Hasenack (ahasenack)
         Status: In Progress


** Tags: server-todo update-excuse update-excuses

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1973760

Title:
  Crash when using DIGEST-MD5 with SSF>=128

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1973760/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to