From dde69b5f219cda1910bb24c7485252470e096882 Mon Sep 17 00:00:00 2001

From: Mark Reynolds <mreynolds@redhat.com>

Date: Tue, 30 Aug 2016 14:25:15 -0400

Subject: [PATCH 403/404] Ticket 48975- Disabling CLEAR password storage scheme

 will  crash server when setting a password

Bug Description:  If the CLEAR password storage scheme plugin is disabled, and a

                  userpassword is set, the server crashes.  This is because we

                  expect this plugin to be enabled when working with the unhashed

                  password.

Fix Description:  Always check if the password scheme, returned by pw_val2scheme(),

                  is NULL before dereferencing it.  If it is NULL treat it as a

                  clear text password.

Valgrind: Passed

https://fedorahosted.org/389/ticket/48975

Reviewed by: nhosoi(Thanks!)

(cherry picked from commit 52230585a1191bf1e747780b592f291d652e26dd)

(cherry picked from commit 840cfbfc7d6473338cd4ef167bf4a0d8867be80b)

---

 ldap/servers/slapd/modify.c | 8 ++++----

 ldap/servers/slapd/pw.c     | 4 ++--

 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c

index 4bcc827..ed08885 100644

--- a/ldap/servers/slapd/modify.c

+++ b/ldap/servers/slapd/modify.c

@@ -847,7 +847,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)

 				for ( i = 0; pw_mod->mod_bvalues != NULL && pw_mod->mod_bvalues[i] != NULL; i++ ) {

 					char *password = slapi_ch_strdup(pw_mod->mod_bvalues[i]->bv_val);

 					pwsp = pw_val2scheme( password, &valpwd, 1 );

-					if(strcmp(pwsp->pws_name, "CLEAR") == 0){

+					if(pwsp == NULL || strcmp(pwsp->pws_name, "CLEAR") == 0){

 						/*

 						 *  CLEAR password

 						 *

@@ -871,7 +871,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)

 								const char *userpwd = slapi_value_get_string(present_values[ii]);

 								pass_scheme = pw_val2scheme( (char *)userpwd, &pval, 1 );

-								if(strcmp(pass_scheme->pws_name,"CLEAR")){

+								if(pass_scheme && strcmp(pass_scheme->pws_name,"CLEAR")){

 									/* its encoded, so compare it */

 									if((*(pass_scheme->pws_cmp))( valpwd, pval ) == 0 ){

 										/*

@@ -931,7 +931,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)

 								 *  provided by the client.

 								 */

 								unhashed_pwsp = pw_val2scheme( (char *)unhashed_pwd, NULL, 1 );

-								if(strcmp(unhashed_pwsp->pws_name, "CLEAR") == 0){

+								if(unhashed_pwsp == NULL || strcmp(unhashed_pwsp->pws_name, "CLEAR") == 0){

 									if((*(pwsp->pws_cmp))((char *)unhashed_pwd , valpwd) == 0 ){

 										/* match, add the delete mod for this particular unhashed userpassword */

 										if (SLAPD_UNHASHED_PW_OFF != config_get_unhashed_pw_switch()) {

@@ -1457,7 +1457,7 @@ valuearray_init_bervalarray_unhashed_only(struct berval **bvals, Slapi_Value ***

 		*cvals = (Slapi_Value **) slapi_ch_malloc((n + 1) * sizeof(Slapi_Value *));

 		for(i = 0, p = 0; i < n; i++){

 			pwsp = pw_val2scheme( bvals[i]->bv_val, NULL, 1 );

-			if(strcmp(pwsp->pws_name, "CLEAR") == 0){

+			if(pwsp == NULL || strcmp(pwsp->pws_name, "CLEAR") == 0){

 				(*cvals)[p++] = slapi_value_new_berval(bvals[i]);

 			}

 			free_pw_scheme( pwsp );

diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c

index d5785ba..4c9cfac 100644

--- a/ldap/servers/slapd/pw.c

+++ b/ldap/servers/slapd/pw.c

@@ -265,8 +265,8 @@ void free_pw_scheme(struct pw_scheme *pwsp)

 {

 	if ( pwsp != NULL )

 	{

-		slapi_ch_free( (void**)&pwsp->pws_name );

-		slapi_ch_free( (void**)&pwsp );

+		slapi_ch_free_string(&pwsp->pws_name);

+		slapi_ch_free((void**)&pwsp);

 	}

 }

-- 

2.4.11