[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#5794) Password exop unwilling to verify old password
aja@nlgroup.ca wrote:
> Full_Name: Arthur Anhalt
> Version: 2.4.12
> OS: Ubuntu 8.04
> URL:
> Submission from: (NULL) (205.200.169.138)
>
>
> When parsing password change extended operations,
> servers/slapd/passwd.c:slap_passwd_parse() calls ber_get_stringbv() with
> LBER_BV_NOTERM set. The resulting bv_val doesn't end with a \0.
>
> In libraries/liblutil/passwd.c:chk_crypt will return an error is the old and
> new
> passwords do not end with a null terminator. I believe more of the chk_*
> functions
> return the same error.
>
> This is the same bug as ITS#5575, but affects the core system, not contributed
> code.
Fixed in HEAD, thanks.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/