Improve check for schemes vs cleartext passwords

author Howard Chu <hyc@openldap.org>

Wed, 24 Aug 2005 03:52:00 +0000 (03:52 +0000)

committer Howard Chu <hyc@openldap.org>

Wed, 24 Aug 2005 03:52:00 +0000 (03:52 +0000)
author Howard Chu <hyc@openldap.org>
Wed, 24 Aug 2005 03:52:00 +0000 (03:52 +0000)
committer Howard Chu <hyc@openldap.org>
Wed, 24 Aug 2005 03:52:00 +0000 (03:52 +0000)
diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c

index 4d12404e66db9992d27f8a14a3626655deffc8cb..f7e73e7d921853203a1c6414b24bd93906573720 100644 (file)
--- a/libraries/liblutil/passwd.c
+++ b/libraries/liblutil/passwd.c
@@ -303,10 +303,15 @@ lutil_passwd(
         }
  
  #ifdef SLAPD_CLEARTEXT
+       /* Do we think there is a scheme specifier here that we
+        * didn't recognize? Assume a scheme name is at least 1 character.
+        */
+       if (( passwd->bv_val[0] == '{' ) &&
+               ( strchr( passwd->bv_val, '}' ) > passwd->bv_val+1 ))
+               return 1;
         if( is_allowed_scheme("{CLEARTEXT}", schemes ) ) {
-               return (( passwd->bv_len == cred->bv_len ) &&
-                               ( passwd->bv_val[0] != '{' /*'}'*/ ))
-                       ? memcmp( passwd->bv_val, cred->bv_val, passwd->bv_len )
+               return ( passwd->bv_len == cred->bv_len ) ?
+                       memcmp( passwd->bv_val, cred->bv_val, passwd->bv_len )
                         : 1;
         }
  #endif
author	Howard Chu <hyc@openldap.org>
	Wed, 24 Aug 2005 03:52:00 +0000 (03:52 +0000)
committer	Howard Chu <hyc@openldap.org>
	Wed, 24 Aug 2005 03:52:00 +0000 (03:52 +0000)