[Date Prev][Date Next]
Openldap crashes with invalid passwords (ITS#2055)
Full_Name: Philipp Klaus
OS: Linux (RH 7.2)
Submission from: (NULL) (188.8.131.52)
If the password of a user is badly encoded, the server does not accept the given
credentials returning an error and the NEXT user logging in will make the slapd
The bad encoding means that a SHA1 Hash is encoded base64 but the padding '='(s)
are not included (example password is 'passWORD'):
The problem arised on our site because we were using the Perl module
Digest::SHA1 function sha1_base64 to generate our passwords and that one had a
bug that prevented it from adding the padding equal signs (a patch to correct
that was already sent to the maintainer).
Using gdb I tracked the segfault down to occur in the 'free' routine of glibc.
This seems to be called from ber_memfree in liblber.