#47905 Bad manipulation of passwordhistory
Closed: wontfix None Opened 7 years ago by nhosoi.

See the bug for the reproducer.
The fix proposal is provided by the reporter, gparente.

German, is there a patch for this issue?

Marc, it's in the BZ. It seems to be this simple one:

[gparente@localhost ds]$ git diff ab64389 ldap/servers/slapd/pw.c
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
index a4d2dc6..1216670 100644
--- a/ldap/servers/slapd/pw.c
+++ b/ldap/servers/slapd/pw.c
@@ -290,6 +290,9 @@ pw_val2scheme( char val, char valpwdp, int first_is_default )
int namelen, prefixlen;
end, buf[ PWD_MAX_NAME_LEN + 1 ];

  • if (val == NULL)
  • return( NULL );
    if ( *val != PWD_HASH_PREFIX_START ||
    ( end = strchr( val, PWD_HASH_PREFIX_END )) == NULL ||
    ( namelen = end - val - 1 ) > PWD_MAX_NAME_LEN ) {
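
Review bot: the early `return( NULL );` taken when `val == NULL`, at the top of pw_val2scheme, skips whatever `first_is_default` would otherwise select and returns without touching `valpwdp`, so every caller now has to tolerate a NULL scheme on this path. Please confirm that the callers check the return value and, if `valpwdp` is an output parameter, set it to a defined value before returning. The guard is correctly placed ahead of the first dereference (`*val != PWD_HASH_PREFIX_START`). A one-line comment above it saying when val can be NULL (a password policy attribute value such as passwordhistory having been deleted) would keep the check from being removed later as dead code.
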
    [gparente@localhost ds]$

German, sorry I was looking for an attached patch, and missed the diff you posted.


git patch file (master) -- applied German's fix in comment 6 and created a git patch

Description: The patch was provided by German Parente (gparente@redhat.com)

If a value of password policy attribute (e.g., passwordhistory) is
accidentally deleted, it causes a null reference in pw_val2scheme.
This patch checks whether val is NULL or not. If the given val is
NULL, pw_val2scheme returns NULL.

Reviewed and tested by nhosoi@redhat.com.

Pushed the patch on behalf of gparente@redhat.com (Thank you for the fix, German!)

e0c78e1..2c6e74a master -> master
commit 2c6e74a

2da0bd6..baa26c9 389-ds-base-1.3.3 -> 389-ds-base-1.3.3
commit baa26c9

143550a..a9dee00 389-ds-base-1.3.2 -> 389-ds-base-1.3.2
commit a9dee00

3fafcbe..bf27455 389-ds-base-1.3.1 -> 389-ds-base-1.3.1
commit bf274554956196b4fc3f80f60c1b61de28a1b9d2

457252f..6b85c3a 389-ds-base-1.2.11 -> 389-ds-base-1.2.11
commit 6b85c3a

Metadata Update from @nhosoi:
- Issue assigned to gparente
- Issue set to the milestone:

4 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/1236

If you want to receive further updates on the issue, please navigate to the GitHub issue
and click on the subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

a year ago
