On Fri, Jun 03, 2022 at 09:27:15AM -0400, Viktor Dukhovni wrote:
> On Fri, Jun 03, 2022 at 11:09:08AM +0200, Matus UHLAR - fantomas wrote:
>
> > >Also can you "apt-get source postfix", and post a link to the tarball?
> >
> > this will unpack the tarball in local directory.
> > I use standard debian packages, there's SASL related patch but it doesn't
> > seem to affect this issue
> >
> > https://sources.debian.org/patches/postfix/3.5.6-1/
> > https://sources.debian.org/patches/postfix/3.5.6-1/07_sasl_config.diff/
>
> The patch introduces a "SASL_CB_GETCONFPATH" callback, that indeed adds
> "/etc/postfix/sasl" to the SASL config search path. This creates two
> conflicting ways to set the location, with the patch likely overriding
> "cyrus_sasl_config_path", and not providing any mechanisms to choose
> alternative locations.
>
> This patch is IMHO obsolete and counterproductive, and should be
> deprecated. Debian should take advantage of "cyrus_sasl_config_path",
> possibly with a custom compile-time default, or else just set at
> install, or at upgrade time (if not already set, and the previous
> Postfix version contains the patch).
I am also a bit puzzled about memory correctness in this patch. It
allocates the callback data with the Postfix concatenate(), which uses
the Postfix mymalloc(), but if/when SASL ever frees the value, the docs
say it is freed with the C library free(), unless the application
configures a different "free_t" function, which I believe is not the
case.
All in all, I'd like to see this patch go away.
--
Viktor.
