From: Howard Chu
Date: Tue, 30 Jun 2009 11:24:11 +0000 (+0000)
Subject: Fix check_password with {cleartext} passwords
X-Git-Tag: ACLCHECK_0~471
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=68246fb76da5f2de4d2d4a11f84b4ddf38b4d009;p=openldap
Fix check_password with {cleartext} passwords
---
diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index 62324ca2f9..d9fdedaeb1 100644
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -643,6 +643,11 @@ check_password_quality( struct berval *cred, PassPolicy *pp, LDAPPasswordPolicyE
 pp->pwdCheckModule, err, 0 );
 ok = LDAP_OTHER; /* internal error */
 } else {
+ /* FIXME: the error message ought to be passed thru a
+ * struct berval, with preallocated buffer and size
+ * passed in. Module can still allocate a buffer for
+ * it if the provided one is too small.
+ */
 int (*prog)( char *passwd, char **text, Entry *ent );
 if ((prog = lt_dlsym( mod, "check_password" )) == NULL) {
@@ -656,7 +661,7 @@ check_password_quality( struct berval *cred, PassPolicy *pp, LDAPPasswordPolicyE
 char *txt = NULL;
 ldap_pvt_thread_mutex_lock( &chk_syntax_mutex );
- ok = prog( cred->bv_val, &txt, e );
+ ok = prog( ptr, &txt, e );
 ldap_pvt_thread_mutex_unlock( &chk_syntax_mutex );
 if (ok != LDAP_SUCCESS) {
 Debug(LDAP_DEBUG_ANY,
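Review bot: The new FIXME sketches a future interface but does not record the contract that holds today for the `char **text` out-parameter declared on the line right after it: which side allocates the message, with which allocator, and which side releases it. The word "still" suggests the module allocates it at present, and because that buffer crosses a dlopen'd module boundary a mismatch is a leak or a bad free, so I would spell it out, for example `/* Today: the module allocates *text; the caller releases it (confirm allocator). */`. The release path is outside this hunk, so that wording needs checking against the rest of check_password_quality.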
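Review bot: `ptr` is assigned outside this hunk, so at `ok = prog( ptr, &txt, e );` a reader cannot tell what the external module now receives; going by the commit title it is presumably the cleartext with the `{cleartext}` scheme prefix skipped rather than the raw `cred->bv_val`. A one-line comment above the call would pin that down, e.g. `/* ptr: cleartext with any {scheme} prefix skipped; passed as a C string, bv_len is not forwarded */`. Two things are worth confirming in the part of the function not shown: that `ptr` is set on every path that reaches this branch, and that the module, whose prototype takes a non-const `char *passwd`, is not expected to write through it, since it likely aliases the credential buffer. The `Debug` call that follows is cut off at the hunk edge; it should log only the module's `txt` and never `ptr`.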