OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Contrib/7269
Full headers

From: fumiyas@osstech.co.jp
Subject: [PATCH] Make slapd-sha2 module thread-safe
Compose comment
Download message
State:
0 replies:
0 followups:

Major security issue: yes  no

Notes:

Notification:


Date: Thu, 10 May 2012 11:41:19 +0000
From: fumiyas@osstech.co.jp
To: openldap-its@OpenLDAP.org
Subject: [PATCH] Make slapd-sha2 module thread-safe
Full_Name: SATOH Fumiyasu
Version: master
OS: 
URL: ftp://ftp.openldap.org/incoming/openldap-2.4.31-sha2-multithread.patch
Submission from: (NULL) (125.2.180.244)


In contrib/slapd-modules/passwd/sha2/slapd-sha2.c:sha*_hex_hash(),
a static buffer "static char real_hash[]" is declared and is
used by threads, but it is not TLS (Thread Local Storage) and
no lock.

This patch removes sha*_hex_hash() and replaces chk_sha*() with
libraries/liblutil/passwd.c:chk_sha1() implementation to
fix this problem.

Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org