From a441a58e9ee3f9fb5cb64da97f0d735b1f166e4f Mon Sep 17 00:00:00 2001 From: William Brown Date: Jun 02 2016 02:51:41 +0000 Subject: Ticket 48858 - Segfault changing nsslapd-rootpw Bug Description: py.ldap has a bug where it will send empty change lists. This trigged a segfault in Directory Server where hash_rootpw expected there to be at least a single value to act upon Fix Description: Check that mod_bvalues is not NULL https://fedorahosted.org/389/ticket/48858 Author: wibrown Review by: nhosoi (Thank you!) --- diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c index 438c925..4a5faa0 100644 --- a/ldap/servers/slapd/modify.c +++ b/ldap/servers/slapd/modify.c @@ -1436,22 +1436,24 @@ hash_rootpw (LDAPMod **mods) if (strcasecmp (mod->mod_type, CONFIG_ROOTPW_ATTRIBUTE) != 0) continue; - for (j = 0; mod->mod_bvalues[j] != NULL; j++) { - char *val = mod->mod_bvalues[j]->bv_val; - char *hashedval = NULL; - struct pw_scheme *pws = pw_val2scheme (val, NULL, 0); - if (pws) { - free_pw_scheme(pws); - /* Value is pre-hashed, no work to do for this value */ - continue; - } else if (! slapd_nss_is_initialized() ) { - /* We need to hash a value but NSS is not initialized; bail */ - return -1; + if (mod->mod_bvalues != NULL) { + for (j = 0; mod->mod_bvalues[j] != NULL; j++) { + char *val = mod->mod_bvalues[j]->bv_val; + char *hashedval = NULL; + struct pw_scheme *pws = pw_val2scheme (val, NULL, 0); + if (pws) { + free_pw_scheme(pws); + /* Value is pre-hashed, no work to do for this value */ + continue; + } else if (! slapd_nss_is_initialized() ) { + /* We need to hash a value but NSS is not initialized; bail */ + return -1; + } + hashedval=(slapdFrontendConfig->rootpwstoragescheme->pws_enc)(val); + slapi_ch_free_string (&val); + mod->mod_bvalues[j]->bv_val = hashedval; + mod->mod_bvalues[j]->bv_len = strlen (hashedval); } - hashedval=(slapdFrontendConfig->rootpwstoragescheme->pws_enc)(val); - slapi_ch_free_string (&val); - mod->mod_bvalues[j]->bv_val = hashedval; - mod->mod_bvalues[j]->bv_len = strlen (hashedval); } } return 0;