Openldap crashes with invalid passwords (ITS#2055)

Full_Name: Philipp Klaus
Version: 2.0.25
OS: Linux (RH 7.2)
Submission from: (NULL) (

If the password of a user is badly encoded, the server does not accept the given
credentials, returning an error, and the NEXT user logging in will make the slapd
The bad encoding means that a SHA1 Hash is encoded base64 but the padding '='(s)
are not included (example password is 'passWORD'):


instead of 


The problem arose on our site because we were using the Perl module
Digest::SHA1 function sha1_base64 to generate our passwords and that one had a
bug that prevented it from adding the padding equal signs (a patch to correct
that was already sent to the maintainer).
Using gdb I tracked the segfault down to occur in the 'free' routine of glibc.
This seems to be called from ber_memfree in liblber.
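
An added example, not part of the original report and not OpenLDAP code: a pre-load audit that flags {SHA} userPassword values whose base64 lacks the '=' padding described above and re-pads them. The function names, DNs and passwords are constructed for illustration, and the parser assumes simple, unfolded LDIF lines.

```python
import base64
import binascii
import hashlib

def check_sha_value(value):
    """Classify one userPassword value; return (status, repaired_value)."""
    if not value.upper().startswith("{SHA}"):
        return "other-scheme", value
    b64 = value[5:]
    padded = b64 + "=" * (-len(b64) % 4)  # restore stripped '=' padding
    try:
        digest = base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return "invalid", None
    if len(digest) != 20:  # a SHA-1 digest is always 20 bytes
        return "invalid", None
    if padded != b64:
        return "unpadded", "{SHA}" + padded
    return "ok", value

def audit_ldif(text):
    """Return (dn, status, repaired_value) for every userPassword line."""
    findings, dn = [], None
    for line in text.splitlines():
        if line.lower().startswith("dn:"):
            dn = line[3:].strip()
        elif line.lower().startswith("userpassword:"):
            raw = line[len("userpassword:"):]
            value = raw.strip()
            if raw.startswith(":"):  # "::" marks a base64-wrapped LDIF value
                value = base64.b64decode(raw[1:].strip()).decode("utf-8", "replace")
            findings.append((dn, *check_sha_value(value)))
    return findings

def make_sha_value(password, pad=True):
    """Build a {SHA} value; pad=False mimics the missing-padding case."""
    b64 = base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()
    return "{SHA}" + (b64 if pad else b64.rstrip("="))

# Constructed sample entries (DNs and passwords are made up for this example).
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,dc=example,dc=com",
    "userPassword: " + make_sha_value("constructed-pw-1"),
    "dn: uid=bob,dc=example,dc=com",
    "userPassword: " + make_sha_value("constructed-pw-2", pad=False),
    "dn: uid=carol,dc=example,dc=com",
    "userPassword:: " + base64.b64encode(
        make_sha_value("constructed-pw-3", pad=False).encode()).decode(),
    "dn: uid=dave,dc=example,dc=com",
    "userPassword: {SHA}not*base64",
])
```

Running audit_ldif() over an export before loading it lists the entries that need re-padding or a password reset.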