From eaf8b3b97e22bf06152d42b90940212e7acc8e00 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Tue, 30 Aug 2016 14:25:15 -0400
Subject: [PATCH 47/47] Ticket 48975- Disabling CLEAR password storage scheme
will crash server when setting a password
Bug Description: If the CLEAR password storage scheme plugin is disabled, and a
userpassword is set, the server crashes. This is because we
expect this plugin to be enabled when working with the unhashed
password.
Fix Description: Always check if the password scheme, returned by pw_val2scheme(),
is NULL before dereferencing it. If it is NULL treat it as a
clear text password.
Valgrind: Passed
https://fedorahosted.org/389/ticket/48975
Reviewed by: nhosoi(Thanks!)
(cherry picked from commit 52230585a1191bf1e747780b592f291d652e26dd)
---
ldap/servers/slapd/modify.c | 8 ++++----
ldap/servers/slapd/pw.c | 4 ++--
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
index 4a5faa0..72f2db4 100644
--- a/ldap/servers/slapd/modify.c
+++ b/ldap/servers/slapd/modify.c
@@ -827,7 +827,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
for ( i = 0; pw_mod->mod_bvalues != NULL && pw_mod->mod_bvalues[i] != NULL; i++ ) {
password = slapi_ch_strdup(pw_mod->mod_bvalues[i]->bv_val);
pwsp = pw_val2scheme( password, &valpwd, 1 );
- if(strcmp(pwsp->pws_name, "CLEAR") == 0){
+ if(pwsp == NULL || strcmp(pwsp->pws_name, "CLEAR") == 0){
/*
* CLEAR password
*
@@ -851,7 +851,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
const char *userpwd = slapi_value_get_string(present_values[ii]);
pass_scheme = pw_val2scheme( (char *)userpwd, &pval, 1 );
- if(strcmp(pass_scheme->pws_name,"CLEAR")){
+ if(pass_scheme && strcmp(pass_scheme->pws_name,"CLEAR")){
/* its encoded, so compare it */
if((*(pass_scheme->pws_cmp))( valpwd, pval ) == 0 ){
/*
@@ -912,7 +912,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
* provided by the client.
*/
unhashed_pwsp = pw_val2scheme( (char *)unhashed_pwd, NULL, 1 );
- if(strcmp(unhashed_pwsp->pws_name, "CLEAR") == 0){
+ if(unhashed_pwsp == NULL || strcmp(unhashed_pwsp->pws_name, "CLEAR") == 0){
if((*(pwsp->pws_cmp))((char *)unhashed_pwd , valpwd) == 0 ){
/* match, add the delete mod for this particular unhashed userpassword */
if (SLAPD_UNHASHED_PW_OFF != config_get_unhashed_pw_switch()) {
@@ -1156,7 +1156,7 @@ valuearray_init_bervalarray_unhashed_only(struct berval **bvals, Slapi_Value ***
*cvals = (Slapi_Value **) slapi_ch_malloc((n + 1) * sizeof(Slapi_Value *));
for(i=0,p=0;i<n;i++){
pwsp = pw_val2scheme( bvals[i]->bv_val, NULL, 1 );
- if(strcmp(pwsp->pws_name, "CLEAR") == 0){
+ if(pwsp == NULL || strcmp(pwsp->pws_name, "CLEAR") == 0){
(*cvals)[p++] = slapi_value_new_berval(bvals[i]);
}
free_pw_scheme( pwsp );
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
index 3f2cdb0..6f02f90 100644
--- a/ldap/servers/slapd/pw.c
+++ b/ldap/servers/slapd/pw.c
@@ -234,8 +234,8 @@ void free_pw_scheme(struct pw_scheme *pwsp)
{
if ( pwsp != NULL )
{
- slapi_ch_free( (void**)&pwsp->pws_name );
- slapi_ch_free( (void**)&pwsp );
+ slapi_ch_free_string(&pwsp->pws_name);
+ slapi_ch_free((void**)&pwsp);
}
}
--
2.4.11