(ITS#5575) smbk5pwd and slapd disagree on rs_new.bv_val \0 termination

Full_Name: Laurent Pinchart
Version: 2.4.9
OS: Linux Ubuntu 8.04
Submission from: (NULL) (

When parsing password change extended operations,
servers/slapd/passwd.c:slap_passwd_parse() calls ber_get_stringbv() with
LBER_BV_NOTERM set. The resulting bv_val doesn't end with a \0.

When changing the password, smbk5pwd assumes rs_new.bv_val is zero terminated
and doesn't check its length. This results in garbage being appended to the

Either smbk5pwd should zero-terminate rs_new.bv_val, or the password change EXOP
parsing code should make sure a trailing \0 is appended to bv_val.
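
The mismatch described in this report, as an added example that is not part of the original submission or of OpenLDAP's code: a length-delimited value read as a C string picks up whatever bytes follow it, while a copy bounded by bv_len does not. `struct demo_berval`, `naive_len` and `bv_to_cstring` are hypothetical names, and the buffer contents are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for a berval-style (length + pointer) value, so this builds without lber.h. */
struct demo_berval {
    size_t bv_len;
    char  *bv_val;
};

/* Constructed sample: 6 password bytes followed by unrelated bytes, as in a
 * larger decode buffer. The final NUL only keeps strlen() in bounds here. */
static char demo_buf[] = "secretXYZ!";
static struct demo_berval demo_new = { 6, demo_buf };

/* What a consumer that trusts NUL termination sees: length runs past bv_len. */
size_t naive_len(const struct demo_berval *bv)
{
    return strlen(bv->bv_val);
}

/* Length-bounded copy: returns a malloc'd, NUL-terminated string of exactly
 * bv_len bytes, or NULL on allocation failure or if the value holds an
 * embedded NUL (a C-string consumer would silently truncate it). */
char *bv_to_cstring(const struct demo_berval *bv)
{
    char *out;

    if (bv->bv_val == NULL || memchr(bv->bv_val, '\0', bv->bv_len) != NULL)
        return NULL;
    out = malloc(bv->bv_len + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, bv->bv_val, bv->bv_len);
    out[bv->bv_len] = '\0';
    return out;
}

int main(void)
{
    char *pw = bv_to_cstring(&demo_new);

    printf("bv_len=%zu naive strlen=%zu\n", demo_new.bv_len, naive_len(&demo_new));
    if (pw != NULL) {
        printf("bounded copy: \"%s\"\n", pw);
        free(pw);
    }
    return 0;
}
```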