use-after-free in smtp digest-md5
Kevin J. McCarthy
kevin at 8t8.us
Tue Apr 16 02:04:38 UTC 2019
On Mon, Apr 15, 2019 at 06:38:40AM -0700, Kevin J. McCarthy wrote:
>On Mon, Apr 15, 2019 at 08:59:33AM +0200, Philipp Gesang wrote:
>>I’ve come across a use after free in sasl calls when
>>authenticating using digest-md5 against an smtp server:
>
>Thanks for the trace.
>
>>PS: Bringing this up here because mutt is what crashes for me.
>> As far as I can see, mutt follows the example code provided
>> by cyrus-sasl closely so if you prefer I can move the
>> discussion to the cyrus-sasl list.
>
>I'll take a look at it from my side too, but probably won't have time
>for a couple days.
I had a bit of time to take a look at this, but I'm not immediately
seeing a problem from Mutt's side either. I think it would be worth
asking cyrus-sasl to see what they say.
--
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.mutt.org/pipermail/mutt-users/attachments/20190415/64b53187/attachment.asc>
More information about the Mutt-users
mailing list