SASL DIGEST-MD5 mechanism bug

Thu, 11 Dec 2003 07:57:26 -0800 

The DIGEST-MD5 mechanism in Authen-SASL 2.06 seems slightly broken, using
either perl 5.8.0 or perl 5.8.1.

I am told by our SASL guru that DIGEST-MD5 is a multi-step procedure, and it
looks like the client_step code in DIGEST_MD5.pm isn't aware of this and
tries to use stuff in step 2 that only exists in step 1. Or something like
that.

Essentially I log this:

Net::LDAP=HASH(0x8610f0) received:
0000   54: SEQUENCE {
0002    1:   INTEGER = 2
0005   49:   [APPLICATION 1] {
0007    1:     ENUM = 14
000A    0:     STRING = ''
000C    0:     STRING = ''
000E   40:     [CONTEXT 7]
0010     :       72 73 70 61 75 74 68 3D 66 31 36 38 64 35 36 30
rspauth=f168d560
0020     :       63 65 33 37 36 33 39 34 61 37 36 38 64 31 63 38
ce376394a768d1c8
0030     :       36 62 62 30 63 30 34 31 __ __ __ __ __ __ __ __ 6bb0c041
0038     :   }
0038     : }

And directly afterwards this happens:

Use of uninitialized value in hash element at
/Library/Perl/5.8.1/Authen/SASL/Perl/DIGEST_MD5.pm line 54, <DATA> line 283.
Use of uninitialized value in hash element at
/Library/Perl/5.8.1/Authen/SASL/Perl/DIGEST_MD5.pm line 54, <DATA> line 283.
Use of uninitialized value in join or string at
/Library/Perl/5.8.1/Authen/SASL/Perl/DIGEST_MD5.pm line 75, <DATA> line 283.
Use of uninitialized value in join or string at
/Library/Perl/5.8.1/Authen/SASL/Perl/DIGEST_MD5.pm line 75, <DATA> line 283.
Use of uninitialized value in join or string at
/Library/Perl/5.8.1/Authen/SASL/Perl/DIGEST_MD5.pm line 85, <DATA> line 283.
Use of uninitialized value in join or string at
/Library/Perl/5.8.1/Authen/SASL/Perl/DIGEST_MD5.pm line 85, <DATA> line 283.

Net::LDAP=HASH(0x8df088) sending:
0000  183: SEQUENCE {
0003    1:   INTEGER = 3
0006  177:   [APPLICATION 0] {
0009    1:     INTEGER = 3
000C    0:     STRING = ''
000E  169:     [CONTEXT 3] {
0011   10:       STRING = 'DIGEST-MD5'
001D  154:       STRING =
'cnonce="18b4209f941bebf7cc3e646c439331e6",digest-uri="ldap/hathi.isode.net"
,nc=00000001,response=1983858bf2cecc6b87762b7c11416988,username="[EMAIL PROTECTED]
et"'
00BA     :     }
00BA     :   }
00BA     : }
Net::LDAP=HASH(0x8df088) received:
0000   12: SEQUENCE {
0002    1:   INTEGER = 3
0005    7:   [APPLICATION 1] {
0007    1:     ENUM = 0
000A    0:     STRING = ''
000C    0:     STRING = ''
000E     :   }
000E     : }

The bind succeeds, so the warnings are just an irritation. Is this a known
issue?

Cheers,

Chris

Reply via email to