Public bug reported:
I'm still troubleshooting this, but at the moment apps negotiating a
DIGEST-MD5 authentication and requesting some form of transport
encryption (ssf != 0) are crashing. The only example I have so far is
the openldap client tools (so just one app really).
ssf=0 works:
$ ldapwhoami -U ubuntu@lxd -w ubuntusecret -O maxssf=0
SASL/DIGEST-MD5 authentication started
SASL username: ubuntu@lxd
SASL SSF: 0
dn:uid=ubuntu@lxd,cn=vms,cn=digest-md5,cn=auth
ssf=128 crashes:
$ ldapwhoami -U ubuntu@lxd -w ubuntusecret -O maxssf=128
SASL/DIGEST-MD5 authentication started
SASL username: ubuntu@lxd
SASL SSF: 128
SASL data security layer installed.
Segmentation fault (core dumped)
The crash seems to be inside openssl. I'll get a proper stack trace.
2.1.27, also built with openssl3, does not crash. So far only 2.1.28 (in
kinetic-proposed).
** Affects: cyrus-sasl2 (Ubuntu)
Importance: High
Assignee: Andreas Hasenack (ahasenack)
Status: In Progress
** Tags: server-todo update-excuse update-excuses
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1973760
Title:
Crash when using DIGEST-MD5 with SSF>=128
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1973760/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
