Sam Varshavchik has released an upgrade to the Courier-Auth daemon, it’s a minor bug fix which solves the following problems:
- authsasllogin.c (authsasl_login): Fix memory leak.
- authldaplib.c (read_env): Fix resource leak. authldap did not close the authldaprc configuration file after reading it on startup.
- authldaplib.c (auth_ldap_do2): Fix used ptr after free(). When an email map feature is enabled, and the map failed, the resulting error message was formed from a buffer that was recently free()ed.
- authpipe.c (auth_pipe): Fix memory leak. If the fork() system call failed (unlikely), a buffer wasn’t getting released
- Fix spec file to invoke authmksock with a short pathname.
I’ve tested this release without a problem and my production server is running this version at the moment without a problem.
To upgrade your courier-auth installation read “Upgrading Courier-Auth”