The permissions on this repository are being updated. This may take a while.
During this time, you or some of the project's contributors may not be able
to push to this repository.
c552186Bug 1347760 - CVE-2016-4992 389-ds-base: Information disclosure via repeated use of LDAP ADD operation, etc.
Bug 1347760 - CVE-2016-4992 389-ds-base: Information disclosure via repeated use of LDAP ADD operation, etc.
Description: do not overwrite rc used to decide if bind was successful.
When the bind is through ldapi/autobind, an entry does not exist to be
checked with slapi_check_account_lock. In that case, a variable rc is
not supposed to be modified which confuses the following code path.
Reviewed by nhosoi@redhat.com.
(cherry picked from commit caa351ae0cc81cbf2309a43c5f74b359cda152d0)