Re: xsasl_cyrus_client_get_passwd signature is inconsistent with sasl_getcallback_t

Wed, 10 Mar 2021 12:34:08 -0800 

FWIW: the Debian build log
(https://buildd.debian.org/status/fetch.php?pkg=postfix&arch=amd64&ver=3.5.6-1&stamp=1596413023&raw=0)
shows:

make: Entering directory '/<<PKGBUILDDIR>>/src/xsasl'
gcc -fPIC -I. -I../../include -g -O2
-fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong
-Wformat -Werror=format-security -DDEBIAN -DHAS_PCRE -DHAS_LDAP
-DUSE_LDAP_SASL -DHAS_SQLITE -DMYORIGIN_FROM_FILE -DHAS_CDB -DHAS_LMDB
-DHAS_MYSQL -I/usr/include/mysql -DHAS_PGSQL -I/usr/include/postgresql
-DHAS_SQLITE -I/usr/include -DHAS_SSL -I/usr/include/openssl
-DUSE_SASL_AUTH -I/usr/include/sasl -DUSE_CYRUS_SASL -DUSE_TLS
-DHAS_DEV_URANDOM -DDEF_DAEMON_DIR=\"/usr/lib/postfix/sbin\"
-DDEF_HTML_DIR=\"/usr/share/doc/postfix/html\"
-DDEF_MANPAGE_DIR=\"/usr/share/man\"
-DDEF_README_DIR=\"/usr/share/doc/postfix\" -DUSE_DYNAMIC_LIBS
-DUSE_DYNAMIC_MAPS -Wmissing-prototypes -Wformat -Wno-comment -fcommon
-g -O2 -I. -I../../include -DLINUX4 -c xsasl_server.c
gcc -fPIC -I. -I../../include -g -O2
-fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong
-Wformat -Werror=format-security -DDEBIAN -DHAS_PCRE -DHAS_LDAP
-DUSE_LDAP_SASL -DHAS_SQLITE -DMYORIGIN_FROM_FILE -DHAS_CDB -DHAS_LMDB
-DHAS_MYSQL -I/usr/include/mysql -DHAS_PGSQL -I/usr/include/postgresql
-DHAS_SQLITE -I/usr/include -DHAS_SSL -I/usr/include/openssl
-DUSE_SASL_AUTH -I/usr/include/sasl -DUSE_CYRUS_SASL -DUSE_TLS
-DHAS_DEV_URANDOM -DDEF_DAEMON_DIR=\"/usr/lib/postfix/sbin\"
-DDEF_HTML_DIR=\"/usr/share/doc/postfix/html\"
-DDEF_MANPAGE_DIR=\"/usr/share/man\"
-DDEF_README_DIR=\"/usr/share/doc/postfix\" -DUSE_DYNAMIC_LIBS
-DUSE_DYNAMIC_MAPS -Wmissing-prototypes -Wformat -Wno-comment -fcommon
-g -O2 -I. -I../../include -DLINUX4 -c xsasl_cyrus_server.c
xsasl_cyrus_server.c:185:26: warning: initialization of ‘int
(*)(void)’ from incompatible pointer type ‘int (*)(void *, char **)’
[-Wincompatible-pointer-types]
  185 |     {SASL_CB_GETCONFPATH,&xsasl_getconfpath, 0},
      |                          ^
xsasl_cyrus_server.c:185:26: note: (near initialization for ‘callbacks[1].proc’)
gcc -fPIC -I. -I../../include -g -O2
-fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong
-Wformat -Werror=format-security -DDEBIAN -DHAS_PCRE -DHAS_LDAP
-DUSE_LDAP_SASL -DHAS_SQLITE -DMYORIGIN_FROM_FILE -DHAS_CDB -DHAS_LMDB
-DHAS_MYSQL -I/usr/include/mysql -DHAS_PGSQL -I/usr/include/postgresql
-DHAS_SQLITE -I/usr/include -DHAS_SSL -I/usr/include/openssl
-DUSE_SASL_AUTH -I/usr/include/sasl -DUSE_CYRUS_SASL -DUSE_TLS
-DHAS_DEV_URANDOM -DDEF_DAEMON_DIR=\"/usr/lib/postfix/sbin\"
-DDEF_HTML_DIR=\"/usr/share/doc/postfix/html\"
-DDEF_MANPAGE_DIR=\"/usr/share/man\"
-DDEF_README_DIR=\"/usr/share/doc/postfix\" -DUSE_DYNAMIC_LIBS
-DUSE_DYNAMIC_MAPS -Wmissing-prototypes -Wformat -Wno-comment -fcommon
-g -O2 -I. -I../../include -DLINUX4 -c xsasl_cyrus_log.c
gcc -fPIC -I. -I../../include -g -O2
-fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong
-Wformat -Werror=format-security -DDEBIAN -DHAS_PCRE -DHAS_LDAP
-DUSE_LDAP_SASL -DHAS_SQLITE -DMYORIGIN_FROM_FILE -DHAS_CDB -DHAS_LMDB
-DHAS_MYSQL -I/usr/include/mysql -DHAS_PGSQL -I/usr/include/postgresql
-DHAS_SQLITE -I/usr/include -DHAS_SSL -I/usr/include/openssl
-DUSE_SASL_AUTH -I/usr/include/sasl -DUSE_CYRUS_SASL -DUSE_TLS
-DHAS_DEV_URANDOM -DDEF_DAEMON_DIR=\"/usr/lib/postfix/sbin\"
-DDEF_HTML_DIR=\"/usr/share/doc/postfix/html\"
-DDEF_MANPAGE_DIR=\"/usr/share/man\"
-DDEF_README_DIR=\"/usr/share/doc/postfix\" -DUSE_DYNAMIC_LIBS
-DUSE_DYNAMIC_MAPS -Wmissing-prototypes -Wformat -Wno-comment -fcommon
-g -O2 -I. -I../../include -DLINUX4 -c xsasl_cyrus_security.c
gcc -fPIC -I. -I../../include -g -O2
-fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong
-Wformat -Werror=format-security -DDEBIAN -DHAS_PCRE -DHAS_LDAP
-DUSE_LDAP_SASL -DHAS_SQLITE -DMYORIGIN_FROM_FILE -DHAS_CDB -DHAS_LMDB
-DHAS_MYSQL -I/usr/include/mysql -DHAS_PGSQL -I/usr/include/postgresql
-DHAS_SQLITE -I/usr/include -DHAS_SSL -I/usr/include/openssl
-DUSE_SASL_AUTH -I/usr/include/sasl -DUSE_CYRUS_SASL -DUSE_TLS
-DHAS_DEV_URANDOM -DDEF_DAEMON_DIR=\"/usr/lib/postfix/sbin\"
-DDEF_HTML_DIR=\"/usr/share/doc/postfix/html\"
-DDEF_MANPAGE_DIR=\"/usr/share/man\"
-DDEF_README_DIR=\"/usr/share/doc/postfix\" -DUSE_DYNAMIC_LIBS
-DUSE_DYNAMIC_MAPS -Wmissing-prototypes -Wformat -Wno-comment -fcommon
-g -O2 -I. -I../../include -DLINUX4 -c xsasl_client.c
gcc -fPIC -I. -I../../include -g -O2
-fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong
-Wformat -Werror=format-security -DDEBIAN -DHAS_PCRE -DHAS_LDAP
-DUSE_LDAP_SASL -DHAS_SQLITE -DMYORIGIN_FROM_FILE -DHAS_CDB -DHAS_LMDB
-DHAS_MYSQL -I/usr/include/mysql -DHAS_PGSQL -I/usr/include/postgresql
-DHAS_SQLITE -I/usr/include -DHAS_SSL -I/usr/include/openssl
-DUSE_SASL_AUTH -I/usr/include/sasl -DUSE_CYRUS_SASL -DUSE_TLS
-DHAS_DEV_URANDOM -DDEF_DAEMON_DIR=\"/usr/lib/postfix/sbin\"
-DDEF_HTML_DIR=\"/usr/share/doc/postfix/html\"
-DDEF_MANPAGE_DIR=\"/usr/share/man\"
-DDEF_README_DIR=\"/usr/share/doc/postfix\" -DUSE_DYNAMIC_LIBS
-DUSE_DYNAMIC_MAPS -Wmissing-prototypes -Wformat -Wno-comment -fcommon
-g -O2 -I. -I../../include -DLINUX4 -c xsasl_cyrus_client.c
xsasl_cyrus_client.c: In function ‘xsasl_cyrus_client_init’:
xsasl_cyrus_client.c:233:23: warning: initialization of ‘int
(*)(void)’ from incompatible pointer type ‘int (*)(void *, char **)’
[-Wincompatible-pointer-types]
  233 |  {SASL_CB_GETCONFPATH,&xsasl_getconfpath, 0},
      |                       ^
xsasl_cyrus_client.c:233:23: note: (near initialization for ‘callbacks[1].proc’)

Am Mi., 10. März 2021 um 21:23 Uhr schrieb Vincent Pelletier
<plr.vinc...@gmail.com>:
>
> On Wed, 10 Mar 2021 00:31:18 +0000, Vincent Pelletier <plr.vinc...@gmail.com> 
> wrote:
> > Note how the caller (here, libkdexoauth2.so) is calling with:
> > - context
> > - id
> > - result
> > - null
> > but xsasl_cyrus_client_get_passwd's signature is:
> >   sasl_conn_t *conn, void *context, int id, sasl_secret_t **psecret
> > which causes id to end up in context (and so on), then context gets
> > promptly dereferenced and causes the segfault.
> >
> > sasl_getcallback_t definition seems to indicate that libkdexoauth2.so is 
> > correct:
> >   
> > https://github.com/cyrusimap/cyrus-sasl/blob/2c66fff698bdb489fa23221b8ec56c6df34f12e5/include/saslplug.h#L24-L40
>
> ...except it seems it's somehow not, and each plugin type has its own
> signature. I did not expect this.
>
> After trying the "fix" I suggest, while resolving the segfault (and
> maybe avoiding other bugs by chance) it does not let me log in with
> libkdexoauth2.so .
> Looking at its source I realise it is calling the wrong function:
>   _plug_get_simple(utils, SASL_CB_PASS, 1, &token, prompt_need);
> when it also has a separate method for decoding password structure:
>   _plug_get_password
> which, surprise surprise, calls the callback with the signature postfix
> expects:
>   ret = pass_cb(utils->conn, pass_context, SASL_CB_PASS, password);
>
> So looks like:
> - there is a perfectly good reason why *this* plugin crashes while
>   others work (phew)
> - I've been barking up the wrong tree (...news at 11)
>
> I reported the issue where it should belong:
>   https://bugs.kde.org/show_bug.cgi?id=434234
>
> Regards,
> --
> Vincent Pelletier
> GPG fingerprint 983A E8B7 3B91 1598 7A92 3845 CAC9 3691 4257 B0C1

Reply via email to