Bug#402164: #402164: segfault in cyrus imapd using nss-ldap,
libsasl and gssapi
Fabian Fagerholm
fabbe at paniq.net
Thu Dec 21 15:46:53 CET 2006
tags 402164 + moreinfo
thanks
On Mon, 2006-12-18 at 17:22 +0000, Mark Ellis wrote:
> I believe I have found another reference to this at
> http://www.mail-archive.com/cyrus-devel@lists.andrew.cmu.edu/msg00020.html
>
> The short version, is that gss_mutex is set to (void *)1 by the
> default sasl_mutex_alloc in lib/common.c. At some point libldap then
> registers its own mutex callbacks, and attempts to lock gss_mutex,
> resulting in the segfault.
>
> The above reference provides a temporary fix. Not knowing the
> implications of sasl internals i'm not sure where this needs to be
> fixed.
In a follow-up [0] to the mail you referenced, Alexey Melnikov points
out that "The call to set mutex functions to be used by SASL must be
done before calling sasl_client_init/sasl_server_init." (You probably
saw that message already.)
[0] http://www.mail-archive.com/cyrus-devel@lists.andrew.cmu.edu/msg00021.html
I'm not sure if and how this is possible in this case. Apparently the
change would need to happen in either libnss-ldap or openldap, but there
is also the workaround described in the message you referenced. I
believe it's not consistent with the design of Cyrus SASL, though.
In the same mail, Alexey asks: "Can you tell me why NSS is trying to set
up SASL?" Maybe we could move forward by finding an answer to that
question.
Cheers,
--
Fabian Fagerholm <fabbe at paniq.net>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/pkg-cyrus-sasl2-debian-devel/attachments/20061221/64454012/attachment.pgp
More information about the Pkg-cyrus-sasl2-debian-devel
mailing list