[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#5794) Password exop unwilling to verify old password

Full_Name: Arthur Anhalt
Version: 2.4.12
OS: Ubuntu 8.04
Submission from: (NULL) (

When parsing password change extended operations,
servers/slapd/passwd.c:slap_passwd_parse() calls ber_get_stringbv() with
LBER_BV_NOTERM set. The resulting bv_val doesn't end with a \0.

In libraries/liblutil/passwd.c:chk_crypt will return an error is the old and
passwords do not end with a null terminator. I believe more of the chk_*
return the same error.

This is the same bug as ITS#5575, but affects the core system, not contributed