From: Howard Chu <hyc@openldap.org>
Date: Wed, 24 Aug 2005 03:52:00 +0000 (+0000)
Subject: Improve check for schemes vs cleartext passwords
X-Git-Tag: OPENLDAP_REL_ENG_2_2_MP~589
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=6cfcae11f27fec01944e272e712dacb438087108;p=openldap

Improve check for schemes vs cleartext passwords
---

diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c
index 4d12404e66..f7e73e7d92 100644
--- a/libraries/liblutil/passwd.c
+++ b/libraries/liblutil/passwd.c
@@ -303,10 +303,15 @@ lutil_passwd(
 	}
 
 #ifdef SLAPD_CLEARTEXT
+	/* Do we think there is a scheme specifier here that we
+	 * didn't recognize? Assume a scheme name is at least 1 character.
+	 */
+	if (( passwd->bv_val[0] == '{' ) &&
+		( strchr( passwd->bv_val, '}' ) > passwd->bv_val+1 ))
+		return 1;
 	if( is_allowed_scheme("{CLEARTEXT}", schemes ) ) {
-		return (( passwd->bv_len == cred->bv_len ) &&
-				( passwd->bv_val[0] != '{' /*'}'*/ ))
-			? memcmp( passwd->bv_val, cred->bv_val, passwd->bv_len )
+		return ( passwd->bv_len == cred->bv_len ) ?
+			memcmp( passwd->bv_val, cred->bv_val, passwd->bv_len )
 			: 1;
 	}
 #endif