** Changed in: cyrus-sasl2 (Debian)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu.
https://bugs.launchpad.net/bugs/1973760
Title:
Crash when using DIGEST-MD5 with SSF>=128
Status in cyrus-sasl2 package in Ubuntu:
In Progress
Status in cyrus-sasl2 package in Debian:
Fix Released
Bug description:
I'm still troubleshooting this, but at the moment apps negotiating a
DIGEST-MD5 authentication and requesting some form of transport
encryption (ssf != 0) are crashing. The only example I have so far is
the openldap client tools (so just one app really).
ssf=0 works:
$ ldapwhoami -U ubuntu@lxd -w ubuntusecret -O maxssf=0
SASL/DIGEST-MD5 authentication started
SASL username: ubuntu@lxd
SASL SSF: 0
dn:uid=ubuntu@lxd,cn=vms,cn=digest-md5,cn=auth
ssf=128 crashes:
$ ldapwhoami -U ubuntu@lxd -w ubuntusecret -O maxssf=128
SASL/DIGEST-MD5 authentication started
SASL username: ubuntu@lxd
SASL SSF: 128
SASL data security layer installed.
Segmentation fault (core dumped)
The crash seems to be inside openssl. I'll get a proper stack trace.
2.1.27, also built with openssl3, does not crash. So far only 2.1.28
(in kinetic-proposed).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1973760/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
