From dde69b5f219cda1910bb24c7485252470e096882 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Tue, 30 Aug 2016 14:25:15 -0400
Subject: [PATCH 403/404] Ticket 48975- Disabling CLEAR password storage scheme
will crash server when setting a password
Bug Description: If the CLEAR password storage scheme plugin is disabled, and a
userpassword is set, the server crashes. This is because we
expect this plugin to be enabled when working with the unhashed
password.
Fix Description: Always check if the password scheme, returned by pw_val2scheme(),
is NULL before dereferencing it. If it is NULL treat it as a
clear text password.
Valgrind: Passed
https://fedorahosted.org/389/ticket/48975
Reviewed by: nhosoi(Thanks!)
(cherry picked from commit 52230585a1191bf1e747780b592f291d652e26dd)
(cherry picked from commit 840cfbfc7d6473338cd4ef167bf4a0d8867be80b)
---
ldap/servers/slapd/modify.c | 8 ++++----
ldap/servers/slapd/pw.c | 4 ++--
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
index 4bcc827..ed08885 100644
--- a/ldap/servers/slapd/modify.c
+++ b/ldap/servers/slapd/modify.c
@@ -847,7 +847,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
for ( i = 0; pw_mod->mod_bvalues != NULL && pw_mod->mod_bvalues[i] != NULL; i++ ) {
char *password = slapi_ch_strdup(pw_mod->mod_bvalues[i]->bv_val);
pwsp = pw_val2scheme( password, &valpwd, 1 );
- if(strcmp(pwsp->pws_name, "CLEAR") == 0){
+ if(pwsp == NULL || strcmp(pwsp->pws_name, "CLEAR") == 0){
/*
* CLEAR password
*
@@ -871,7 +871,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
const char *userpwd = slapi_value_get_string(present_values[ii]);
pass_scheme = pw_val2scheme( (char *)userpwd, &pval, 1 );
- if(strcmp(pass_scheme->pws_name,"CLEAR")){
+ if(pass_scheme && strcmp(pass_scheme->pws_name,"CLEAR")){
/* its encoded, so compare it */
if((*(pass_scheme->pws_cmp))( valpwd, pval ) == 0 ){
/*
@@ -931,7 +931,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
* provided by the client.
*/
unhashed_pwsp = pw_val2scheme( (char *)unhashed_pwd, NULL, 1 );
- if(strcmp(unhashed_pwsp->pws_name, "CLEAR") == 0){
+ if(unhashed_pwsp == NULL || strcmp(unhashed_pwsp->pws_name, "CLEAR") == 0){
if((*(pwsp->pws_cmp))((char *)unhashed_pwd , valpwd) == 0 ){
/* match, add the delete mod for this particular unhashed userpassword */
if (SLAPD_UNHASHED_PW_OFF != config_get_unhashed_pw_switch()) {
@@ -1457,7 +1457,7 @@ valuearray_init_bervalarray_unhashed_only(struct berval **bvals, Slapi_Value ***
*cvals = (Slapi_Value **) slapi_ch_malloc((n + 1) * sizeof(Slapi_Value *));
for(i = 0, p = 0; i < n; i++){
pwsp = pw_val2scheme( bvals[i]->bv_val, NULL, 1 );
- if(strcmp(pwsp->pws_name, "CLEAR") == 0){
+ if(pwsp == NULL || strcmp(pwsp->pws_name, "CLEAR") == 0){
(*cvals)[p++] = slapi_value_new_berval(bvals[i]);
}
free_pw_scheme( pwsp );
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
index d5785ba..4c9cfac 100644
--- a/ldap/servers/slapd/pw.c
+++ b/ldap/servers/slapd/pw.c
@@ -265,8 +265,8 @@ void free_pw_scheme(struct pw_scheme *pwsp)
{
if ( pwsp != NULL )
{
- slapi_ch_free( (void**)&pwsp->pws_name );
- slapi_ch_free( (void**)&pwsp );
+ slapi_ch_free_string(&pwsp->pws_name);
+ slapi_ch_free((void**)&pwsp);
}
}
--
2.4.11