[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5794) Password exop unwilling to verify old password

aja@nlgroup.ca wrote:
> Full_Name: Arthur Anhalt
> Version: 2.4.12
> OS: Ubuntu 8.04
> URL:
> Submission from: (NULL) (
> When parsing password change extended operations,
> servers/slapd/passwd.c:slap_passwd_parse() calls ber_get_stringbv() with
> LBER_BV_NOTERM set. The resulting bv_val doesn't end with a \0.
> In libraries/liblutil/passwd.c:chk_crypt will return an error is the old and
> new
> passwords do not end with a null terminator. I believe more of the chk_*
> functions
> return the same error.
> This is the same bug as ITS#5575, but affects the core system, not contributed
> code.

Fixed in HEAD, thanks.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/