From 7592a9b9c71786070053677d16f93b5e5daa2d3c Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga <kurt@openldap.org>
Date: Wed, 10 Jul 2002 22:04:14 +0000
Subject: [PATCH] make sure we don't test against stored values starting with
 "{"

---
 libraries/liblutil/passwd.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c
index 7a04154b98..3fc5e6f455 100644
--- a/libraries/liblutil/passwd.c
+++ b/libraries/liblutil/passwd.c
@@ -328,7 +328,8 @@ lutil_passwd(
 
 #ifdef SLAPD_CLEARTEXT
 	if( is_allowed_scheme("{CLEARTEXT}", schemes ) ) {
-		return passwd->bv_len == cred->bv_len
+		return (( passwd->bv_len == cred->bv_len ) &&
+				( passwd->bv_val[0] != '{' /*'}'*/ ))
 			? memcmp( passwd->bv_val, cred->bv_val, passwd->bv_len )
 			: 1;
 	}
-- 
2.39.5