On Tue, Jan 30, 2018 at 07:51:39AM +0000, Patrick Steinhardt wrote:
> Unset the `pass_cmd` and `user_cmd` fields as soon as their respective
> values have been computed. Besides being a bit more efficient as we will
> now only ever invoke the respective command once,
>
no, this was a quite deliberate choice: the password may change.
this will be of particular relevance when i finally implement daemon
mode some day. time-based one-time-passwords would also violate the
assumption of invariance.
i don't think the inefficiency poses an *actual* problem?

> this also fixes a real
> issue: when calling `ensure_password` or `ensure_user` for a second
> time, the previous pointer to the `pass` or `user` field will get freed.
> As these functions are used in the middle of the SASL authentication in
> `process_sasl_interact`, it can and does in fact cause us to use free'd
> memory as we store those pointers in the `sasl_interact_t` structure.
> 
i haven't tried to understand this yet, but the implication of the above
is that this needs to be addressed differently.

the first two patches look fine sans some nitpicks i'll fix myself.
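
The lifetime problem described in the quoted commit message, next to one way of keeping per-call re-evaluation without it, as an added example that is neither isync code nor part of this thread. `struct conf`, `run_pass_cmd`, `dup_str` and the `_shared`/`_owned` function names are hypothetical, and the "owned copy" approach is an assumption, not the fix the project chose.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the store config; not isync's real struct. */
struct conf { char *pass; unsigned calls; };

static char *dup_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    return p ? memcpy(p, s, n) : NULL;
}

/* Constructed stand-in for running pass_cmd: yields a new value on
 * every call, the way a one-time password would. */
static char *run_pass_cmd(struct conf *c)
{
    char buf[32];
    snprintf(buf, sizeof buf, "otp-%u", ++c->calls);
    return dup_str(buf);
}

/* Pattern from the commit message: the previous value is freed on each
 * call, so a pointer returned earlier dangles after the next call. */
const char *ensure_password_shared(struct conf *c)
{
    free(c->pass);
    c->pass = run_pass_cmd(c);
    return c->pass;
}

/* Assumed alternative: still re-evaluate every time, but return a copy
 * the caller owns and frees, so earlier results stay valid. */
char *ensure_password_owned(struct conf *c)
{
    const char *cur = ensure_password_shared(c);
    return cur ? dup_str(cur) : NULL;
}

/* Returns 1 if a value fetched before a second evaluation is intact. */
int first_value_survives(void)
{
    struct conf c = {0};
    char *first = ensure_password_owned(&c);  /* e.g. kept by a callback */
    char *second = ensure_password_owned(&c); /* later re-evaluation */
    int ok = first && second && !strcmp(first, "otp-1") && !strcmp(second, "otp-2");
    free(first); free(second); free(c.pass);
    return ok;
}
```

Building with `-fsanitize=address` and holding the result of `ensure_password_shared` across a second call is a quick way to confirm the stale pointer in a test build.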
