
(ITS#5794) Password exop unwilling to verify old password



Full_Name: Arthur Anhalt
Version: 2.4.12
OS: Ubuntu 8.04
URL: 
Submission from: (NULL) (205.200.169.138)


When parsing password change extended operations,
servers/slapd/passwd.c:slap_passwd_parse() calls ber_get_stringbv() with
LBER_BV_NOTERM set. The resulting bv_val doesn't end with a \0.

libraries/liblutil/passwd.c:chk_crypt will return an error if the old and new
passwords do not end with a null terminator. I believe more of the chk_*
functions return the same error.

This is the same bug as ITS#5575, but affects the core system, not contributed
code.
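
The mismatch reported above, as an added example that is not OpenLDAP code and not part of the original report: a value parsed in place from a BER buffer is followed by the next element's tag rather than a `\0`, so a check that expects a C string rejects it until the value is copied and terminated. `struct bv`, `get_inplace`, `looks_like_cstring` and `bv_dup_terminated` are hypothetical names, and the buffer is a constructed sample using the RFC 3062 context tags for oldPasswd (0x81) and newPasswd (0x82).

```c
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for a length+pointer value (hypothetical, not liblber's type). */
struct bv { size_t bv_len; char *bv_val; };

/* Constructed sample: [1] oldPasswd "old" immediately followed by [2] newPasswd "new". */
static unsigned char sample[] = { 0x81, 3, 'o','l','d', 0x82, 3, 'n','e','w' };

/* Hypothetical in-place parse: point into the buffer, copy nothing, write no '\0'.
 * Handles short-form lengths only and bounds-checks against buflen. */
static int get_inplace(unsigned char *buf, size_t buflen, size_t off,
                       unsigned char tag, struct bv *out)
{
    if (off + 2 > buflen || buf[off] != tag) return -1;
    size_t len = buf[off + 1];
    if (len > 127 || off + 2 + len > buflen) return -1;
    out->bv_val = (char *)buf + off + 2;
    out->bv_len = len;
    return 0;
}

/* Model of the check the report describes: no embedded NUL, and the byte after
 * the value must be '\0'. Caller must guarantee bv_val[bv_len] is readable. */
static int looks_like_cstring(const struct bv *b)
{
    if (memchr(b->bv_val, '\0', b->bv_len) != NULL) return 0;
    return b->bv_val[b->bv_len] == '\0';
}

/* Remedy: copy into bv_len + 1 bytes and terminate before string-style use. */
static int bv_dup_terminated(const struct bv *in, struct bv *out)
{
    out->bv_val = malloc(in->bv_len + 1);
    if (out->bv_val == NULL) return -1;
    memcpy(out->bv_val, in->bv_val, in->bv_len);
    out->bv_val[in->bv_len] = '\0';
    out->bv_len = in->bv_len;
    return 0;
}

int main(void)
{
    struct bv oldp, copy;
    if (get_inplace(sample, sizeof sample, 0, 0x81, &oldp) != 0) return 2;
    int before = looks_like_cstring(&oldp);   /* 0: next byte is the 0x82 tag */
    if (bv_dup_terminated(&oldp, &copy) != 0) return 2;
    int after = looks_like_cstring(&copy);    /* 1: copy is terminated */
    free(copy.bv_val);
    return (before == 0 && after == 1) ? 0 : 1;
}
```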