Bug 250732 - sasl-sample-server crash
Summary: sasl-sample-server crash
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: cyrus-sasl
Version: 4.5
Hardware: All
OS: Linux
Target Milestone: ---
: ---
Assignee: Steve Conklin
QA Contact: Brian Brock
Depends On:
TreeView+ depends on / blocked
Reported: 2007-08-03 09:52 UTC by Jan Lieskovsky
Modified: 2007-11-17 01:14 UTC (History)
1 user (show)

Clone Of:
Last Closed: 2007-09-04 14:49:44 UTC

Attachments (Terms of Use)
Core file generated by the sasl-sample-server (1.91 MB, application/octet-stream)
2007-08-03 09:52 UTC, Jan Lieskovsky
no flags Details

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2007:0795 normal SHIPPED_LIVE Moderate: cyrus-sasl security and bug fix update 2008-01-09 16:13:57 UTC

Description Jan Lieskovsky 2007-08-03 09:52:24 UTC
Description of problem:
By second repeatedly performed attempt to connect from sasl-sample-client
using the DIGEST-MD5 mechanism the sasl-sample-server crashes.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. saslpasswd -c bob
2. saslpasswd2 -c bob
3. service saslauthd start
4. On the server side start:
   sasl-sample-server -p bvcontrol -s imap -m DIGEST-MD5
5, Try to connect from the client:
   sasl-sample-client -p bvcontrol -s imap -m DIGEST-MD5 serverHostName
   This will print error message on the client side:
   receiving capability list... recv: {0}
   server doesn't offer mandatory mech 'DIGEST-MD5'
   closing connection

   And on the server side: 
   accepted new connection
   send: {0}

   client didn't choose mechanism
   closing connection                          (This is ok.)

6, But try to connect from the client repeatedly second time:
   sasl-sample-client -p bvcontrol -s imap -m DIGEST-MD5 serverHostName

   Message n the client:

    receiving capability list...
    server doesn't offer mandatory mech 'DIGEST-MD5'
    closing connection                                 (This is ok.)

   But on the server side, segmentation fault appears 
   . . .
   0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Segmentation fault
(core dumped)

   and the core file (if enabled) is created (see the attachment).
Actual results:
sasl-sample-server crash

Expected results:
No crash even after the second connection from the sasl-sample-client

Additional info:
By my attempt, I used RHEL4 on i386 as sasl-sample-server and RHEL4 ia64
as sasl-sample-client. But did repeated the crash by attempt to connect
from RHEL4 s390x client.

Comment 1 Jan Lieskovsky 2007-08-03 09:52:26 UTC
Created attachment 160593 [details]
Core file generated by the sasl-sample-server

Comment 8 Red Hat Bugzilla 2007-09-04 14:49:44 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.