From dde69b5f219cda1910bb24c7485252470e096882 Mon Sep 17 00:00:00 2001 From: Mark Reynolds Date: Tue, 30 Aug 2016 14:25:15 -0400 Subject: [PATCH 403/404] Ticket 48975- Disabling CLEAR password storage scheme will crash server when setting a password Bug Description: If the CLEAR password storage scheme plugin is disabled, and a userpassword is set, the server crashes. This is because we expect this plugin to be enabled when working with the unhashed password. Fix Description: Always check if the password scheme, returned by pw_val2scheme(), is NULL before dereferencing it. If it is NULL treat it as a clear text password. Valgrind: Passed https://fedorahosted.org/389/ticket/48975 Reviewed by: nhosoi(Thanks!) (cherry picked from commit 52230585a1191bf1e747780b592f291d652e26dd) (cherry picked from commit 840cfbfc7d6473338cd4ef167bf4a0d8867be80b) --- ldap/servers/slapd/modify.c | 8 ++++---- ldap/servers/slapd/pw.c | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c index 4bcc827..ed08885 100644 --- a/ldap/servers/slapd/modify.c +++ b/ldap/servers/slapd/modify.c @@ -847,7 +847,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw) for ( i = 0; pw_mod->mod_bvalues != NULL && pw_mod->mod_bvalues[i] != NULL; i++ ) { char *password = slapi_ch_strdup(pw_mod->mod_bvalues[i]->bv_val); pwsp = pw_val2scheme( password, &valpwd, 1 ); - if(strcmp(pwsp->pws_name, "CLEAR") == 0){ + if(pwsp == NULL || strcmp(pwsp->pws_name, "CLEAR") == 0){ /* * CLEAR password * @@ -871,7 +871,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw) const char *userpwd = slapi_value_get_string(present_values[ii]); pass_scheme = pw_val2scheme( (char *)userpwd, &pval, 1 ); - if(strcmp(pass_scheme->pws_name,"CLEAR")){ + if(pass_scheme && strcmp(pass_scheme->pws_name,"CLEAR")){ /* its encoded, so compare it */ if((*(pass_scheme->pws_cmp))( valpwd, pval ) == 0 ){ /* @@ -931,7 +931,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw) * provided by the client. */ unhashed_pwsp = pw_val2scheme( (char *)unhashed_pwd, NULL, 1 ); - if(strcmp(unhashed_pwsp->pws_name, "CLEAR") == 0){ + if(unhashed_pwsp == NULL || strcmp(unhashed_pwsp->pws_name, "CLEAR") == 0){ if((*(pwsp->pws_cmp))((char *)unhashed_pwd , valpwd) == 0 ){ /* match, add the delete mod for this particular unhashed userpassword */ if (SLAPD_UNHASHED_PW_OFF != config_get_unhashed_pw_switch()) { @@ -1457,7 +1457,7 @@ valuearray_init_bervalarray_unhashed_only(struct berval **bvals, Slapi_Value *** *cvals = (Slapi_Value **) slapi_ch_malloc((n + 1) * sizeof(Slapi_Value *)); for(i = 0, p = 0; i < n; i++){ pwsp = pw_val2scheme( bvals[i]->bv_val, NULL, 1 ); - if(strcmp(pwsp->pws_name, "CLEAR") == 0){ + if(pwsp == NULL || strcmp(pwsp->pws_name, "CLEAR") == 0){ (*cvals)[p++] = slapi_value_new_berval(bvals[i]); } free_pw_scheme( pwsp ); diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c index d5785ba..4c9cfac 100644 --- a/ldap/servers/slapd/pw.c +++ b/ldap/servers/slapd/pw.c @@ -265,8 +265,8 @@ void free_pw_scheme(struct pw_scheme *pwsp) { if ( pwsp != NULL ) { - slapi_ch_free( (void**)&pwsp->pws_name ); - slapi_ch_free( (void**)&pwsp ); + slapi_ch_free_string(&pwsp->pws_name); + slapi_ch_free((void**)&pwsp); } } -- 2.4.11