On Mon, Apr 15, 2019 at 06:38:40AM -0700, Kevin J. McCarthy wrote:
On Mon, Apr 15, 2019 at 08:59:33AM +0200, Philipp Gesang wrote:I’ve come across a use after free in sasl calls when authenticating using digest-md5 against an smtp server:Thanks for the trace.PS: Bringing this up here because mutt is what crashes for me. As far as I can see, mutt follows the example code provided by cyrus-sasl closely so if you prefer I can move the discussion to the cyrus-sasl list.I'll take a look at it from my side too, but probably won't have time for a couple days.
I had a bit of time to take a look at this, but I'm not immediately seeing a problem from Mutt's side either. I think it would be worth asking cyrus-sasl to see what they say.
-- Kevin J. McCarthy GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
signature.asc
Description: PGP signature
