use-after-free in smtp digest-md5
Philipp Gesang
philipp.gesang at intra2net.com
Wed Apr 17 14:29:35 UTC 2019
Hi,
-<| Quoting Philipp Gesang <philipp.gesang at intra2net.com>, on Tuesday, 2019-04-16 08:39:02 AM |>-
> -<| Quoting Kevin J. McCarthy <kevin at 8t8.us>, on Monday, 2019-04-15 07:04:38 PM |>-
> > On Mon, Apr 15, 2019 at 06:38:40AM -0700, Kevin J. McCarthy wrote:
> > > On Mon, Apr 15, 2019 at 08:59:33AM +0200, Philipp Gesang wrote:
> > > > I’ve come across a use after free in sasl calls when
> > > > authenticating using digest-md5 against an smtp server:
> > >
> > > Thanks for the trace.
> > >
> > > > PS: Bringing this up here because mutt is what crashes for me.
> > > > As far as I can see, mutt follows the example code provided
> > > > by cyrus-sasl closely so if you prefer I can move the
> > > > discussion to the cyrus-sasl list.
> > >
> > > I'll take a look at it from my side too, but probably won't have time
> > > for a couple days.
> >
> > I had a bit of time to take a look at this, but I'm not immediately seeing a
> > problem from Mutt's side either. I think it would be worth asking
> > cyrus-sasl to see what they say.
>
> thanks for looking into this. I’ll take the issue to the sasl
> folks and report back.
this was indeed an issue in cyrus-sasl which thanks to a patch by
Simo Sorce is now fixed in master:
https://github.com/cyrusimap/cyrus-sasl/commit/ca6c587cc9da51235b125a97e841fa786aaad7ff
Best regards,
Philipp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.mutt.org/pipermail/mutt-users/attachments/20190417/223f9bcb/attachment.asc>
More information about the Mutt-users
mailing list