On Wed, Oct 07, 2015 at 12:29:05PM +0200, Patrick Wagner wrote:
> I've posted on the cyrus-sasl list and now created a new bug report [1]
> for the issue, with the proposed patch by Viktor Dukhovni as a starting
> point (after all, the other modules might need to be patched as well -
> didn't check).
Thanks. It may be sensible to also ask the Cyrus developers to
enforce the log_level limits *before* calling the application
callback, so that the boiler-plate code provided by Alexey in his
post would not need to be cargo-culted by every application that
uses logging callbacks, and any sensitive password materiel is
better protected from accidental logging.
--
Viktor.
