caa351a Bug 1347760 - CVE-2016-4992 389-ds-base: Information disclosure via repeated use of LDAP ADD operation, etc.

1 file Authored by lkrispen 7 years ago, Committed by nhosoi 7 years ago,
    Bug 1347760 - CVE-2016-4992 389-ds-base: Information disclosure via repeated use of LDAP ADD operation, etc.
    
    Description: do not overwrite rc used to decide if bind was successful.
    When the bind is through ldapi/autobind, an entry does not exist to be
    checked with slapi_check_account_lock.  In that case, a variable rc is
    not supposed to be modified which confuses the following code path.
    
    Reviewed by nhosoi@redhat.com.
    
        
file modified
+4 -2