Hi,

-<| Quoting Philipp Gesang <philipp.ges...@intra2net.com>, on Tuesday, 2019-04-16 08:39:02 AM |>-
> -<| Quoting Kevin J. McCarthy <ke...@8t8.us>, on Monday, 2019-04-15 07:04:38 PM |>-
> > On Mon, Apr 15, 2019 at 06:38:40AM -0700, Kevin J. McCarthy wrote:
> > > On Mon, Apr 15, 2019 at 08:59:33AM +0200, Philipp Gesang wrote:
> > > > I’ve come across a use after free in sasl calls when
> > > > authenticating using digest-md5 against an smtp server:
> > >
> > > Thanks for the trace.
> > >
> > > > PS: Bringing this up here because mutt is what crashes for me.
> > > > As far as I can see, mutt follows the example code provided
> > > > by cyrus-sasl closely so if you prefer I can move the
> > > > discussion to the cyrus-sasl list.
> > >
> > > I'll take a look at it from my side too, but probably won't have time
> > > for a couple days.
> >
> > I had a bit of time to take a look at this, but I'm not immediately seeing a
> > problem from Mutt's side either. I think it would be worth asking
> > cyrus-sasl to see what they say.
>
> thanks for looking into this. I’ll take the issue to the sasl
> folks and report back.

this was indeed an issue in cyrus-sasl which thanks to a patch by
Simo Sorce is now fixed in master:

https://github.com/cyrusimap/cyrus-sasl/commit/ca6c587cc9da51235b125a97e841fa786aaad7ff

Best regards,
Philipp