From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Wed, 1 Jul 2009 22:50:56 +0000 (+0000)
Subject: Fix check_password with {cleartext} passwords
X-Git-Tag: OPENLDAP_REL_ENG_2_4_17~20
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=8890d0139990b01d8b30fbbfb1dff50626cd6412;p=openldap

Fix check_password with {cleartext} passwords
---

diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index 62324ca2f9..d9fdedaeb1 100644
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -643,6 +643,11 @@ check_password_quality( struct berval *cred, PassPolicy *pp, LDAPPasswordPolicyE
 				pp->pwdCheckModule, err, 0 );
 			ok = LDAP_OTHER; /* internal error */
 		} else {
+			/* FIXME: the error message ought to be passed thru a
+			 * struct berval, with preallocated buffer and size
+			 * passed in. Module can still allocate a buffer for
+			 * it if the provided one is too small.
+			 */
 			int (*prog)( char *passwd, char **text, Entry *ent );
 
 			if ((prog = lt_dlsym( mod, "check_password" )) == NULL) {
@@ -656,7 +661,7 @@ check_password_quality( struct berval *cred, PassPolicy *pp, LDAPPasswordPolicyE
 				char *txt = NULL;
 
 				ldap_pvt_thread_mutex_lock( &chk_syntax_mutex );
-				ok = prog( cred->bv_val, &txt, e );
+				ok = prog( ptr, &txt, e );
 				ldap_pvt_thread_mutex_unlock( &chk_syntax_mutex );
 				if (ok != LDAP_SUCCESS) {
 					Debug(LDAP_DEBUG_ANY,