Sam Varshavchik has released an upgrade to the Courier-Auth daemon, it’s a minor bug fix which solves the following problems:

  • authsasllogin.c (authsasl_login): Fix memory leak.
  • authldaplib.c (read_env): Fix resource leak. authldap did not close the authldaprc configuration file after reading it on startup.
  • authldaplib.c (auth_ldap_do2): Fix used ptr after free(). When an email map feature is enabled, and the map failed, the resulting error message was formed from a buffer that was recently free()ed.
  • authpipe.c (auth_pipe): Fix memory leak. If the fork() system call failed (unlikely), a buffer wasn’t getting released
  • Fix spec file to invoke authmksock with a short pathname.

I’ve tested this release without a problem and my production server is running this version at the moment without a problem.

To upgrade your courier-auth installation read “Upgrading Courier-Auth