Hi Kevin, -<| Quoting Kevin J. McCarthy <ke...@8t8.us>, on Monday, 2019-04-15 07:04:38 PM |>- > On Mon, Apr 15, 2019 at 06:38:40AM -0700, Kevin J. McCarthy wrote: > > On Mon, Apr 15, 2019 at 08:59:33AM +0200, Philipp Gesang wrote: > > > I’ve come across a use after free in sasl calls when > > > authenticating using digest-md5 against an smtp server: > > > > Thanks for the trace. > > > > > PS: Bringing this up here because mutt is what crashes for me. > > > As far as I can see, mutt follows the example code provided > > > by cyrus-sasl closely so if you prefer I can move the > > > discussion to the cyrus-sasl list. > > > > I'll take a look at it from my side too, but probably won't have time > > for a couple days. > > I had a bit of time to take a look at this, but I'm not immediately seeing a > problem from Mutt's side either. I think it would be worth asking > cyrus-sasl to see what they say.
thanks for looking into this. I’ll take the issue to the sasl folks and report back. Best regards, Philipp
signature.asc
Description: PGP signature
