I sent this to the list yesterday, but I never saw it show up in the
archives. Now I've subscribed and am resending to see if that works.
Sorry if this is a duplicate.


I'm porting some code from our old system to a new one, and I
encountered this bug with Authen::SASL 2.13 which was resolved by
downgrading to 2.12.

I'm afraid I don't know that much about SASL (or LDAP), but I did cut
this down to as close to a "hello world" version as I could.

Here's my code (with some names changed to protect the innocent):


use strict;
use Net::LDAP;
use Authen::SASL;

my $ldap = Net::LDAP->new(
   'ldaps://my.ldap.server',
   version => 3,
   verify => 'require',
   clientcert => '/path/to/my/client/cert',
   clientkey => '/path/to/my/client/key',
   cafile => '/path/to/my/cafile',
   timeout => 10,
   );

die "no Net::LDAP: $@\n" unless $ldap;  # Net::LDAP->new reports failure in $@

my $sasl = Authen::SASL->new(
   mechanism => 'EXTERNAL',
   callback  => { user => '' },
   debug => 13,
   );

alarm(10); # for Devel::SimpleTrace

my $result = $ldap->bind( "sn=msiScripts,dc=DTC", sasl => $sasl );

if ( $result->code ) {
   die "bind with sasl failed: " . $result->error;
}

print "success!\n";

__END__


Using Authen::SASL 2.13, running this code with -wMDevel::SimpleTrace
gives the following stack trace when the alarm times out:

Deep recursion on subroutine "Net::LDAP::_sendmesg"
       at Net::LDAP::_sendmesg(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP/Bind.pm line 64, <DATA>:275)
       at Net::LDAP::Bind::decode(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP/Bind.pm:64)
       at Net::LDAP::process(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:865)
       at Net::LDAP::sync(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:760)
       at Net::LDAP::_sendmesg(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:813)
       at Net::LDAP::Bind::decode(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP/Bind.pm:64)
       at Net::LDAP::process(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:865)
       at Net::LDAP::sync(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:760)
       at Net::LDAP::_sendmesg(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:813)

[ ... many, many, many, many, many iterations of the same loop omitted ... ]

       at Net::LDAP::Bind::decode(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP/Bind.pm:64)
       at Net::LDAP::process(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:865)
       at Net::LDAP::sync(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:760)
       at Net::LDAP::_sendmesg(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:813)
       at Net::LDAP::bind(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:422)
       at main::(ldaptest.pl:25)

When I downgraded to Authen::SASL 2.12, I got a "success!" message
(yay!) but I also got an interesting stack trace from
Devel::SimpleTrace:

Use of uninitialized value in numeric gt (>)
       at Authen::SASL::Perl::securesocket(/usr/local/lib/perl5/site_perl/5.10.1/Authen/SASL/Perl.pm line 130, <DATA>:275)
       at Net::LDAP::Bind::decode(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP/Bind.pm:39)
       at Net::LDAP::process(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:865)
       at Net::LDAP::sync(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:760)
       at Net::LDAP::_sendmesg(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:813)
       at Net::LDAP::Bind::decode(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP/Bind.pm:64)
       at Net::LDAP::process(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:865)
       at Net::LDAP::sync(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:760)
       at Net::LDAP::_sendmesg(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:813)
       at Net::LDAP::bind(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:422)
       at main::(ldaptest.pl:25)
success!

Perhaps the changes in 2.13 included a bad fix for the nonfatal error
shown for 2.12 here?

Forrest Cahoon
