On Tue, Oct 28, 2008 at 04:37:22PM +0300, Maxim Gorbachyov wrote: > Hello. > There is a bug in the sql plugin of the cyrus-sasl library. > First, description. Here is relevant piece from my config: > > pwcheck_method: auxprop > auxprop_plugin: sql > sql_engine: sqlite > sql_database: my.db > sql_select: SELECT pwd FROM users WHERE login = '%u' > sql_verbose: yes > > I get SEGFAULTs when user with unknown login attempts to authorise. > I've found that sql_auxprop_lookup() uses 'value' and (most important) > 'value_len' without previous initialization. Sqlite backend does not > change value_len if nothing was read from db. So we get > utils->prop_set() accessing random memory. > > Proposed patch (see attachment) initializes 'value' and 'value_len' > with zeroes. It works for me.
Please add this to bugzilla so we don't lose track of it. -- Matt
