From bda294f5c1c19b7aec7f586d253f582a5a492c50 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Thu, 6 Nov 2008 16:58:03 +0000
Subject: [PATCH] ITS#5794 move prev fix

---
 servers/slapd/passwd.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c
index 26a58a8782..f711871a6e 100644
--- a/servers/slapd/passwd.c
+++ b/servers/slapd/passwd.c
@@ -228,12 +228,8 @@ int passwd_extop(
 		if ( rc == LDAP_SUCCESS && e ) {
 			Attribute *a = attr_find( e->e_attrs,
 				slap_schema.si_ad_userPassword );
-			if ( a ) {
-				char oldNul = qpw->rs_old.bv_val[qpw->rs_old.bv_len];
-				qpw->rs_old.bv_val[qpw->rs_old.bv_len] = 0;
+			if ( a )
 				rc = slap_passwd_check( op, e, a, &qpw->rs_old, &rs->sr_text );
-				qpw->rs_old.bv_val[qpw->rs_old.bv_len] = oldNul;
-			}
 			else
 				rc = 1;
 			be_entry_release_r( op, e );
@@ -507,6 +503,7 @@ slap_passwd_check(
 	int			result = 1;
 	struct berval		*bv;
 	AccessControlState	acl_state = ACL_STATE_INIT;
+	char		credNul = cred->bv_val[cred->bv_len];
 
 #ifdef SLAPD_SPASSWD
 	void		*old_authctx = NULL;
@@ -515,6 +512,8 @@ slap_passwd_check(
 		op->o_conn->c_sasl_authctx, 0, &old_authctx, NULL );
 #endif
 
+	if ( credNul ) cred->bv_val[cred->bv_len] = 0;
+
 	for ( bv = a->a_vals; bv->bv_val != NULL; bv++ ) {
 		/* if e is provided, check access */
 		if ( e && access_allowed( op, e, a->a_desc, bv,
@@ -529,6 +528,8 @@ slap_passwd_check(
 		}
 	}
 
+	if ( credNul ) cred->bv_val[cred->bv_len] = credNul;
+
 #ifdef SLAPD_SPASSWD
 	ldap_pvt_thread_pool_setkey( op->o_threadctx, (void *)slap_sasl_bind,
 		old_authctx, 0, NULL, NULL );
-- 
2.39.5