[Date Prev][Date Next]
(ITS#5575) smbk5pwd and slapd disagree on rs_new.bv_val \0 termination
Full_Name: Laurent Pinchart
OS: Linux Ubuntu 8.04
Submission from: (NULL) (188.8.131.52)
When parsing password change extended operations,
servers/slapd/passwd.c:slap_passwd_parse() calls ber_get_stringbv() with
LBER_BV_NOTERM set. The resulting bv_val doesn't end with a \0.
When changing the password, smbk5pwd assumes rs_new.bv_val is zero terminated
and doesn't check its length. This results in garbage being appended to the
Either smbk5pwd should zero-terminate rs_new.bv_val, or the password change EXOP
parsing code should make sure a trailing \0 is appended to bv_val.