From 1e2793d5a8984b2e390cb3038f507611b3ebc6e2 Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: Aug 26 2015 00:25:51 +0000
Subject: Ticket #48228 - wrong password check if passwordInHistory is decreased.


Description: Regression was added by this commit:
  commit 1a119125856006543aae0520b5800a8b52c3b049
  Ticket #48228 - wrong password check if passwordInHistory is decreased.
Compare function pw_history_cmp used in qsort did not check the correct
address for the timestamp string, which made qsort return the password
history in the wrong order.

https://fedorahosted.org/389/ticket/48228

Reviewed by rmeggins@redhat.com (Thank you, Rich!)

(cherry picked from commit 391acfcf9a67b9b27ebbd98d1dfe30ef54a027c4)
(cherry picked from commit 096b386663c949136095def77a7fb12eee64e542)
(cherry picked from commit 90cf9fdbc8b71e68f615f8a72328c25e41a8fd0c)

---

diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
index bd3a47c..fe3c025 100644
--- a/ldap/servers/slapd/pw.c
+++ b/ldap/servers/slapd/pw.c
@@ -1090,8 +1090,6 @@ retry:
 static int
 pw_history_cmp(const void *h0, const void *h1)
 {
-	size_t h0sz = 0;
-	size_t h1sz = 0;
 	if (!h0) {
 		if (!h1) {
 			return 0;
@@ -1102,23 +1100,20 @@ pw_history_cmp(const void *h0, const void *h1)
 		if (!h1) {
 			return 1;
 		} else {
-			size_t delta;
-			h0sz = strlen(h0);
-			h1sz = strlen(h1);
-			delta = h0sz - h1sz;
-			if (!delta) {
-				return delta;
-			}
-			if (h0sz < GENERALIZED_TIME_LENGTH) {
+			char *h0str = *(char **)h0;
+			char *h1str = *(char **)h1;
+			size_t h0sz = strlen(h0str);
+			size_t h1sz = strlen(h1str);
+			if ((h0sz < GENERALIZED_TIME_LENGTH) ||
+			    (h1sz < GENERALIZED_TIME_LENGTH)) {
 				/* too short for the history str. */
-				return 0;
+				return h0sz - h1sz;
 			}
+			return PL_strncmp(h0str, h1str, GENERALIZED_TIME_LENGTH);
 		}
 	}
-	return PL_strncmp(h0, h1, GENERALIZED_TIME_LENGTH);
 }
 
-
 static int
 update_pw_history( Slapi_PBlock *pb, const Slapi_DN *sdn, char *old_pw )
 {