While investigating ticket 1808 Rob found this issue.

Patch attached.
Fixes: https://fedorahosted.org/freeipa/ticket/1812

Tested and solves the problem here.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
>From 743cd6af7c4b31ef9b368a7a65d751e835e3e540 Mon Sep 17 00:00:00 2001
From: Simo Sorce <sso...@redhat.com>
Date: Fri, 16 Sep 2011 11:42:18 -0400
Subject: [PATCH 1/2] ipa-pwd-extop: Fix segfault in password change.

Do not pass an empty buffer to ber_init() as it will assert.
Check before hand and return an error.
---
 .../ipa-pwd-extop/ipa_pwd_extop.c                  |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
index f9f5389762d7f84a2434b2c0e1b17dc5e1d12462..9fdf17713228b6c7b1c1748c8d5167dacb232ec2 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
@@ -162,6 +162,13 @@ static int ipapwd_chpwop(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg)
 	/* Get the ber value of the extended operation */
 	slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_VALUE, &extop_value);
 
+    if (extop_value == NULL ||
+        (extop_value->bv_len == 0 || extop_value->bv_val == NULL)) {
+        errMesg = "PasswdModify Request empty.\n";
+        rc = LDAP_UNWILLING_TO_PERFORM;
+        goto free_and_return;
+    }
+
 	if ((ber = ber_init(extop_value)) == NULL)
 	{
 		errMesg = "PasswdModify Request decode failed.\n";
-- 
1.7.6.2

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to