Bug#499770: libsasl2: Multiple initialisations of sasl lead to application crash
Eric Leblond
eric at inl.fr
Mon Sep 22 07:25:59 UTC 2008
Package: libsasl2
Version: 2.1.22.dfsg1-8
Severity: important
Tags: patch
When working on NuFW (http://www.nufw.org), I've encounter some weird crash
when calling sasl_dispose. The problem was in fact a logic problem in
sasl_set_mutex.
NuFW uses sasl and libldap_r. NuFW has to do a call to sasl_set_mutex
because it is multithreaded. One of the NuFW module uses libldap_r which
also does a call to sasl_set_mutex. By doing this, we run into a problem
because sasl_MUTEX_* function change during run time. Thus we can
allocate a mutex with NuFW function and destroy it with libldap_r
function. This lead to a crash in almost all cases.
This problem occurs in NuFW but will occur with any application using SASL
and a library using SASL.
IMHO, the only clean workaround is to modify sasl_set_mutex(): it should
not be run twice in the same program. I attach a simple patch which implement
this behaviour.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-028stab053
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages libsasl2 depends on:
ii libsasl2-2 2.1.22.dfsg1-8 Authentication abstraction library
libsasl2 recommends no packages.
-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0016_sasl_set_mutex.dpatch
Type: application/x-shellscript
Size: 1039 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-cyrus-sasl2-debian-devel/attachments/20080922/85d34480/attachment.bin
More information about the Pkg-cyrus-sasl2-debian-devel
mailing list