From eaf8b3b97e22bf06152d42b90940212e7acc8e00 Mon Sep 17 00:00:00 2001

From: Mark Reynolds <mreynolds@redhat.com>

Date: Tue, 30 Aug 2016 14:25:15 -0400

Subject: [PATCH 47/47] Ticket 48975- Disabling CLEAR password storage scheme

 will  crash server when setting a password

Bug Description:  If the CLEAR password storage scheme plugin is disabled, and a

                  userpassword is set, the server crashes.  This is because we

                  expect this plugin to be enabled when working with the unhashed

                  password.

Fix Description:  Always check if the password scheme, returned by pw_val2scheme(),

                  is NULL before dereferencing it.  If it is NULL treat it as a

                  clear text password.

Valgrind: Passed

https://fedorahosted.org/389/ticket/48975

Reviewed by: nhosoi(Thanks!)

(cherry picked from commit 52230585a1191bf1e747780b592f291d652e26dd)

---

 ldap/servers/slapd/modify.c | 8 ++++----

 ldap/servers/slapd/pw.c     | 4 ++--

 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c

index 4a5faa0..72f2db4 100644

--- a/ldap/servers/slapd/modify.c

+++ b/ldap/servers/slapd/modify.c

@@ -827,7 +827,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)

 				for ( i = 0; pw_mod->mod_bvalues != NULL && pw_mod->mod_bvalues[i] != NULL; i++ ) {

 					password = slapi_ch_strdup(pw_mod->mod_bvalues[i]->bv_val);

 					pwsp = pw_val2scheme( password, &valpwd, 1 );

-					if(strcmp(pwsp->pws_name, "CLEAR") == 0){

+					if(pwsp == NULL || strcmp(pwsp->pws_name, "CLEAR") == 0){

 						/*

 						 *  CLEAR password

 						 *

@@ -851,7 +851,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)

 								const char *userpwd = slapi_value_get_string(present_values[ii]);

 								pass_scheme = pw_val2scheme( (char *)userpwd, &pval, 1 );

-								if(strcmp(pass_scheme->pws_name,"CLEAR")){

+								if(pass_scheme && strcmp(pass_scheme->pws_name,"CLEAR")){

 									/* its encoded, so compare it */

 									if((*(pass_scheme->pws_cmp))( valpwd, pval ) == 0 ){

 									    /*

@@ -912,7 +912,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)

 								 *  provided by the client.

 								 */

 								unhashed_pwsp = pw_val2scheme( (char *)unhashed_pwd, NULL, 1 );

-								if(strcmp(unhashed_pwsp->pws_name, "CLEAR") == 0){

+								if(unhashed_pwsp == NULL || strcmp(unhashed_pwsp->pws_name, "CLEAR") == 0){

 									if((*(pwsp->pws_cmp))((char *)unhashed_pwd , valpwd) == 0 ){

 										/* match, add the delete mod for this particular unhashed userpassword */

 										if (SLAPD_UNHASHED_PW_OFF != config_get_unhashed_pw_switch()) {

@@ -1156,7 +1156,7 @@ valuearray_init_bervalarray_unhashed_only(struct berval **bvals, Slapi_Value ***

 		*cvals = (Slapi_Value **) slapi_ch_malloc((n + 1) * sizeof(Slapi_Value *));

 		for(i=0,p=0;i

 			pwsp = pw_val2scheme( bvals[i]->bv_val, NULL, 1 );

-			if(strcmp(pwsp->pws_name, "CLEAR") == 0){

+			if(pwsp == NULL || strcmp(pwsp->pws_name, "CLEAR") == 0){

 				(*cvals)[p++] = slapi_value_new_berval(bvals[i]);

 			}

 			free_pw_scheme( pwsp );

diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c

index 3f2cdb0..6f02f90 100644

--- a/ldap/servers/slapd/pw.c

+++ b/ldap/servers/slapd/pw.c

@@ -234,8 +234,8 @@ void free_pw_scheme(struct pw_scheme *pwsp)

 {

 	if ( pwsp != NULL )

 	{

-		slapi_ch_free( (void**)&pwsp->pws_name );

-		slapi_ch_free( (void**)&pwsp );

+		slapi_ch_free_string(&pwsp->pws_name);

+		slapi_ch_free((void**)&pwsp);

 	}

 }

-- 

2.4.11