This patch increases robustness in PRE MOD password SLAPI module by ensuring that an uninitialized pointer is not dereferenced.
https://fedorahosted.org/freeipa/ticket/719
>From 3e8ce075247a6b4e71cbca73d6c7be1b363c5abc Mon Sep 17 00:00:00 2001 From: Martin Kosek <mko...@redhat.com> Date: Wed, 12 Jan 2011 10:33:07 +0100 Subject: [PATCH] Potential NULL dereference in ipapwd_prepost This patch increases robustness in PRE MOD password SLAPI module by ensuring that an uninitialized pointer is not dereferenced. https://fedorahosted.org/freeipa/ticket/719 --- .../ipa-pwd-extop/ipapwd_prepost.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c index 1acd46e48caa9231e7286b3d16389c66088ebd1e..34045e2081ba5d2cb44014bbe417c58e5acc8b42 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c @@ -564,8 +564,8 @@ static int ipapwd_pre_mod(Slapi_PBlock *pb) if (!bv) { is_pwd_op = 0; } else { - if (0 == strncmp(userpw, bv->bv_val, bv->bv_len) || - 0 == strncmp(unhashedpw, bv->bv_val, bv->bv_len)) + if ((userpw && 0 == strncmp(userpw, bv->bv_val, bv->bv_len)) || + (unhashedpw && 0 == strncmp(unhashedpw, bv->bv_val, bv->bv_len))) is_pwd_op = 0; } default: -- 1.7.3.4
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
