[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
slapd crashes on bind with malformed SSHA password (ITS#2835)
Full_Name: Luca Scamoni
Version: HEAD
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (193.227.212.131)
In libraries/liblutil/passwd.c there is are a couple of less or equal tests
between an integer rc and an unsigned int sizeof(). If rc=-1 the test is always
false and processing, instead of returning an error continues till segfault, as
reported in OL-Software ML by Marc-Andre.Gaudreau@USherbrooke.ca with message
http://www.openldap.org/lists/openldap-software/200311/msg00323.html
The following trivial patch fixes the problem:
Index: libraries/liblutil/passwd.c
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/libraries/liblutil/passwd.c,v
retrieving revision 1.78
diff -u -r1.78 passwd.c
--- libraries/liblutil/passwd.c 17 Oct 2003 02:40:16 -0000 1.78
+++ libraries/liblutil/passwd.c 20 Nov 2003 15:51:11 -0000
@@ -485,7 +485,7 @@
rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len);
- if (rc <= sizeof(SHA1digest)) {
+ if (rc <= (int) sizeof(SHA1digest)) {
ber_memfree(orig_pass);
return -1;
}
@@ -566,7 +566,7 @@
rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len);
- if (rc <= sizeof(MD5digest)) {
+ if (rc <= (int) sizeof(MD5digest)) {
ber_memfree(orig_pass);
return -1;
}