From 679e7b024e36ac9dfce85766f5d82cc272911e53 Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: Tue, 25 Aug 2015 16:31:10 -0700
Subject: [PATCH 52/52] Ticket #48228 - wrong password check if
passwordInHistory is decreased.
Description: Regression was added by this commit:
commit 1a119125856006543aae0520b5800a8b52c3b049
Ticket #48228 - wrong password check if passwordInHistory is decreased.
Compare function pw_history_cmp used in qsort did not check the correct
address for the timestamp string, which made qsort return the password
history in the wrong order.
https://fedorahosted.org/389/ticket/48228
Reviewed by rmeggins@redhat.com (Thank you, Rich!)
(cherry picked from commit 391acfcf9a67b9b27ebbd98d1dfe30ef54a027c4)
(cherry picked from commit 096b386663c949136095def77a7fb12eee64e542)
---
ldap/servers/slapd/pw.c | 21 ++++++++-------------
1 file changed, 8 insertions(+), 13 deletions(-)
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
index 3abebbf..4e222d7 100644
--- a/ldap/servers/slapd/pw.c
+++ b/ldap/servers/slapd/pw.c
@@ -1085,8 +1085,6 @@ retry:
static int
pw_history_cmp(const void *h0, const void *h1)
{
- size_t h0sz = 0;
- size_t h1sz = 0;
if (!h0) {
if (!h1) {
return 0;
@@ -1097,23 +1095,20 @@ pw_history_cmp(const void *h0, const void *h1)
if (!h1) {
return 1;
} else {
- size_t delta;
- h0sz = strlen(h0);
- h1sz = strlen(h1);
- delta = h0sz - h1sz;
- if (!delta) {
- return delta;
- }
- if (h0sz < GENERALIZED_TIME_LENGTH) {
+ char *h0str = *(char **)h0;
+ char *h1str = *(char **)h1;
+ size_t h0sz = strlen(h0str);
+ size_t h1sz = strlen(h1str);
+ if ((h0sz < GENERALIZED_TIME_LENGTH) ||
+ (h1sz < GENERALIZED_TIME_LENGTH)) {
/* too short for the history str. */
- return 0;
+ return h0sz - h1sz;
}
+ return PL_strncmp(h0str, h1str, GENERALIZED_TIME_LENGTH);
}
}
- return PL_strncmp(h0, h1, GENERALIZED_TIME_LENGTH);
}
-
static int
update_pw_history( Slapi_PBlock *pb, const Slapi_DN *sdn, char *old_pw )
{
--
1.9.3