(ITS#5575) smbk5pwd and slapd disagree on rs_new.bv_val \0 termination

[laurent.pinchart@skynet.be]

Full_Name: Laurent Pinchart
Version: 2.4.9
OS: Linux Ubuntu 8.04
URL: 
Submission from: (NULL) (194.78.198.49)


When parsing password change extended operations,
servers/slapd/passwd.c:slap_passwd_parse() calls ber_get_stringbv() with
LBER_BV_NOTERM set. The resulting bv_val doesn't end with a \0.

When changing the password, smbk5pwd assumes rs_new.bv_val is zero terminated
and doesn't check its length. This results in garbage being appended to the
password.

Either smbk5pwd should zero-terminate rs_new.bv_val, or the password change EXOP
parsing code should make sure a trailing \0 is appended to bv_val.