Issue #47905: Bad manipulation of passwordhistory - 389-ds-base

389-ds-base

#47905 Bad manipulation of passwordhistory

Closed: wontfix None Opened 9 years ago by nhosoi.

See the bug for the reproducer.
The fix proposal is provided by the reporter, gparente.

nhosoi commented 9 years ago

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1145382

mreynolds commented 9 years ago

German, is there a patch for this issue?

gparente commented 9 years ago

Marc, it's in the BZ. It seems to be this simple one:

[gparente@localhost ds]$ git diff ab64389 ldap/servers/slapd/pw.c
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
index a4d2dc6..1216670 100644
--- a/ldap/servers/slapd/pw.c
+++ b/ldap/servers/slapd/pw.c
@@ -290,6 +290,9 @@ pw_val2scheme( char val, char valpwdp, int first_is_default )
int namelen, prefixlen;
char end, buf[ PWD_MAX_NAME_LEN + 1 ];

if (val == NULL)
return( NULL );
+
if ( *val != PWD_HASH_PREFIX_START ||
( end = strchr( val, PWD_HASH_PREFIX_END )) == NULL ||
( namelen = end - val - 1 ) > PWD_MAX_NAME_LEN ) {
[gparente@localhost ds]$

mreynolds commented 9 years ago

German, sorry I was looking for an attached patch, and missed the diff you posted.

Thanks,
Mark

nhosoi commented 9 years ago

git patch file (master) -- applied German's fix in comment 6 and created a git patch
0001-Ticket-47905-Bad-manipulation-of-passwordhistory.patch

nhosoi commented 9 years ago

Description: The patch was provided by German Parente (gparente@redhat.com)
https://fedorahosted.org/389/ticket/47905#comment:6

If a value of password policy attribute (e.g., passwordhistory) is
accidentally deleted, it causes a null reference in pw_val2scheme.
This patch checks whether val is NULL or not. If the given val is
NULL, pw_val2scheme returns NULL.

Reviewed and tested by nhosoi@redhat.com.

nhosoi commented 9 years ago

Pushed the patch on behalf of gparente@redhat.com (Thank you for the fix, German!)

Master:
e0c78e1..2c6e74a master -> master
commit 2c6e74a

389-ds-base-1.3.3:
2da0bd6..baa26c9 389-ds-base-1.3.3 -> 389-ds-base-1.3.3
commit baa26c9

389-ds-base-1.3.2:
143550a..a9dee00 389-ds-base-1.3.2 -> 389-ds-base-1.3.2
commit a9dee00

389-ds-base-1.3.1:
3fafcbe..bf27455 389-ds-base-1.3.1 -> 389-ds-base-1.3.1
commit bf274554956196b4fc3f80f60c1b61de28a1b9d2

389-ds-base-1.2.11:
457252f..6b85c3a 389-ds-base-1.2.11 -> 389-ds-base-1.2.11
commit 6b85c3a

Metadata Update from @nhosoi:
- Issue assigned to gparente
- Issue set to the milestone: 1.2.11.33

7 years ago

spichugi commented 3 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/1236

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

3 years ago

Metadata

Assignee

gparente

Tags

None

Blocking

None

Depending on

None

Priority

major

Milestone

1.2.11.33

reviewstatus

ack

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1145072
https://bugzilla.redhat.com/show_bug.cgi?id=1145382

origin

Community

389-ds-base

Source Code

#47905 Bad manipulation of passwordhistory Closed: wontfix None Opened 9 years ago by nhosoi.

Metadata

#47905 Bad manipulation of passwordhistory

Closed: wontfix None Opened 9 years ago by nhosoi.