[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5794) Password exop unwilling to verify old password

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5794) Password exop unwilling to verify old password
From: hyc@symas.com
Date: Thu, 6 Nov 2008 15:47:36 GMT

aja@nlgroup.ca wrote:
> Full_Name: Arthur Anhalt
> Version: 2.4.12
> OS: Ubuntu 8.04
> URL:
> Submission from: (NULL) (205.200.169.138)
>
>
> When parsing password change extended operations,
> servers/slapd/passwd.c:slap_passwd_parse() calls ber_get_stringbv() with
> LBER_BV_NOTERM set. The resulting bv_val doesn't end with a \0.
>
> In libraries/liblutil/passwd.c:chk_crypt will return an error is the old and
> new
> passwords do not end with a null terminator. I believe more of the chk_*
> functions
> return the same error.
>
> This is the same bug as ITS#5575, but affects the core system, not contributed
> code.

Fixed in HEAD, thanks.


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: Re: (ITS#5783) Possible DB corruption
Next by Date: Re: (ITS#5783) Possible DB corruption
Index(es):
- Chronological
- Thread