fix previous commit (ITS#5819)
[openldap] / servers / slapd / passwd.c
index 26a58a878266e1f526b15fec23a51c95c6073f8b..f711871a6edeaeab21d57be2ec3c29626487d991 100644 (file)
@@ -228,12 +228,8 @@ int passwd_extop(
                if ( rc == LDAP_SUCCESS && e ) {
                        Attribute *a = attr_find( e->e_attrs,
                                slap_schema.si_ad_userPassword );
-                       if ( a ) {
-                               char oldNul = qpw->rs_old.bv_val[qpw->rs_old.bv_len];
-                               qpw->rs_old.bv_val[qpw->rs_old.bv_len] = 0;
+                       if ( a )
                                rc = slap_passwd_check( op, e, a, &qpw->rs_old, &rs->sr_text );
-                               qpw->rs_old.bv_val[qpw->rs_old.bv_len] = oldNul;
-                       }
                        else
                                rc = 1;
                        be_entry_release_r( op, e );
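Review bot: The `if ( a )` / `else` pair around the `slap_passwd_check` call is now brace-less, which is easy to break in a credential-check path if a statement is added to either branch later. Keeping the braces, as in `if ( a ) { rc = slap_passwd_check( op, e, a, &qpw->rs_old, &rs->sr_text ); } else { rc = 1; }`, costs nothing and keeps the two outcomes visibly separate. passwd_extop starts and ends outside this hunk.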
@@ -507,6 +503,7 @@ slap_passwd_check(
        int                     result = 1;
        struct berval           *bv;
        AccessControlState      acl_state = ACL_STATE_INIT;
+       char            credNul = cred->bv_val[cred->bv_len];
 
 #ifdef SLAPD_SPASSWD
        void            *old_authctx = NULL;
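Review bot: The initializer `cred->bv_val[cred->bv_len]` reads the byte one past the credential's stated length before anything has checked `cred`, so a NULL `bv_val`, or a berval whose buffer holds exactly `bv_len` bytes, becomes a NULL dereference or an out-of-bounds read on this line. Before this commit only passwd_extop did this, on `qpw->rs_old`; now every caller of slap_passwd_check inherits the requirement, and the lines added before and after the `for` loop also write to that byte, so the buffer must be writable and not in use by another thread. If an empty credential can reach this function, guard the read with `char credNul = cred->bv_val ? cred->bv_val[cred->bv_len] : 0;`, and state the contract in the function's header comment: `/* cred->bv_val must be writable and hold at least bv_len+1 bytes; it is NUL-terminated in place for the duration of the check */`. The signature and the callers are outside the hunk, so whether every caller meets this needs confirming.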
@@ -515,6 +512,8 @@ slap_passwd_check(
                op->o_conn->c_sasl_authctx, 0, &old_authctx, NULL );
 #endif
 
+       if ( credNul ) cred->bv_val[cred->bv_len] = 0;
+
        for ( bv = a->a_vals; bv->bv_val != NULL; bv++ ) {
                /* if e is provided, check access */
                if ( e && access_allowed( op, e, a->a_desc, bv,
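Review bot: The in-place write `if ( credNul ) cred->bv_val[cred->bv_len] = 0;` carries no comment, so a reader cannot tell that a caller-owned buffer is being modified temporarily or that the write is paired with the restore after the loop. A line above it such as `/* terminate cred in place for the check; restored after the loop */` would make the pairing explicit. Why the terminator is needed is not visible here (presumably the scheme checkers treat the credential as a C string), so that part of the comment should come from someone who can confirm it.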
@@ -529,6 +528,8 @@ slap_passwd_check(
                }
        }
 
+       if ( credNul ) cred->bv_val[cred->bv_len] = credNul;
+
 #ifdef SLAPD_SPASSWD
        ldap_pvt_thread_pool_setkey( op->o_threadctx, (void *)slap_sasl_bind,
                old_authctx, 0, NULL, NULL );
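Review bot: The restore `if ( credNul ) cred->bv_val[cred->bv_len] = credNul;` runs only when control falls out of the bottom of the `for` loop, and most of the loop body lies between this hunk and the previous one, so it is not visible whether it can `return` or `goto` past this line. If it can, the caller's buffer is left with one byte overwritten after the check. The loop should leave only via `break`, or the restore should sit at a single exit point shared by all paths. slap_passwd_check continues beyond the hunk.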