[email protected] wrote:
> I checked the new pw-pbkdf2 module. It doesn't appear to be affected by
> this problem.
Thanks, all committed to master. > > On 11/05/14 07:56 PM, Ryan Tandy wrote: >> ftp://ftp.openldap.org/incoming/rtandy_20140511_fix-passwd-b64-buffer_v2.patch > > You probably know this, but just in case it helps: "git am --keep-cr" is > the way to apply that patch, because of apr1.c's line endings. > > There's a second bug in slapd-sha2.c, a missing cast causing the return > value of lutil_b64_pton to be ignored. The built-in checkers already > have the appropriate cast. Patch attached. > > --------------070104060109070008020807 > Content-Type: text/x-patch; > name="0002-ITS-7851-contrib-pw-sha2-fix-int-size_t-comparison.patch" > Content-Transfer-Encoding: 7bit > Content-Disposition: attachment; > filename*0="0002-ITS-7851-contrib-pw-sha2-fix-int-size_t-comparison.patc"; > filename*1="h" > >>From 0683ded766e51e0521991fc1a5d2303cf95cc475 Mon Sep 17 00:00:00 2001 > From: Ryan Tandy <[email protected]> > Date: Thu, 26 Jun 2014 18:33:29 -0700 > Subject: [PATCH 2/2] ITS#7851 contrib pw-sha2 fix int/size_t comparison > > --- > contrib/slapd-modules/passwd/sha2/slapd-sha2.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/contrib/slapd-modules/passwd/sha2/slapd-sha2.c > b/contrib/slapd-modules/passwd/sha2/slapd-sha2.c > index 1ec7989..2e4fcb0 100644 > --- a/contrib/slapd-modules/passwd/sha2/slapd-sha2.c > +++ b/contrib/slapd-modules/passwd/sha2/slapd-sha2.c > @@ -244,7 +244,7 @@ static int chk_ssha256( > > rc = lutil_b64_pton(passwd->bv_val, orig_pass, decode_len); > > - if( rc <= sizeof(SHAdigest) ) { > + if( rc <= (int)(sizeof(SHAdigest)) ) { > ber_memfree(orig_pass); > return LUTIL_PASSWD_ERR; > } > @@ -332,7 +332,7 @@ static int chk_ssha384( > > rc = lutil_b64_pton(passwd->bv_val, orig_pass, decode_len); > > - if( rc <= sizeof(SHAdigest) ) { > + if( rc <= (int)(sizeof(SHAdigest)) ) { > ber_memfree(orig_pass); > return LUTIL_PASSWD_ERR; > } 
> @@ -420,7 +420,7 @@ static int chk_ssha512( > > rc = lutil_b64_pton(passwd->bv_val, orig_pass, decode_len); > > - if( rc <= sizeof(SHAdigest) ) { > + if( rc <= (int)(sizeof(SHAdigest)) ) { > ber_memfree(orig_pass); > return LUTIL_PASSWD_ERR; > } > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
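Review bot: In the chk_ssha256 hunk (@@ -244), `if( rc <= (int)(sizeof(SHAdigest)) )` rejects a failed decode only as a side effect of the comparison now being signed, and nothing at the call site says so. Testing the failure explicitly, for example `if( rc < 0 || rc <= (int)sizeof(SHAdigest) )`, or adding a one-line comment, would keep a later cleanup from dropping the cast and silently restoring the unsigned comparison.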
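Review bot: The chk_ssha384 hunk (@@ -332) repeats the same decode-and-length check that appears in chk_ssha256 and chk_ssha512, which is why one missing cast needed three identical edits. A small shared helper for the lutil_b64_pton call and the length test would leave a single place where the comparison has to be right.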
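Review bot: In the chk_ssha512 hunk (@@ -420), the `<=` also returns LUTIL_PASSWD_ERR for a decoded value exactly sizeof(SHAdigest) bytes long, and neither the code nor the commit message (subject line only) says why equality is an error. A short comment on that boundary, plus a message body stating that the lutil_b64_pton result was being ignored, would help anyone auditing this path later.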
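The int/size_t comparison described in the quoted message, as an added example that is not part of the original thread or of OpenLDAP's code. `b64_decode`, `DIGEST_LEN` and `rejects` are hypothetical stand-ins for `lutil_b64_pton`, `sizeof(SHAdigest)` and the checker's length test; the decoder returning -1 on bad input is an assumption, and the pre-patch comparison is written with its implicit conversion to `size_t` spelled out.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DIGEST_LEN 32  /* stand-in for sizeof(SHAdigest); value is an assumption */

/* Hypothetical decoder: returns decoded byte count, or -1 on invalid input. */
static int b64_decode(const char *in, unsigned char *out, size_t outlen)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    unsigned acc = 0;
    int bits = 0;
    size_t n = 0;
    for (; *in && *in != '='; in++) {
        const char *p = strchr(tbl, *in);
        if (p == NULL) return -1;               /* not a base64 character */
        acc = (acc << 6) | (unsigned)(p - tbl);
        bits += 6;
        if (bits >= 8) {
            if (n == outlen) return -1;         /* output buffer too small */
            bits -= 8;
            out[n++] = (unsigned char)(acc >> bits);
        }
    }
    return (int)n;
}

/* Returns 1 when the checker would bail out with an error, 0 when it would
 * go on to hash and compare. patched=0 mimics `rc <= sizeof(x)`, where C's
 * usual arithmetic conversions turn rc into size_t; patched=1 mimics the
 * `(int)` cast on sizeof. */
static int rejects(const char *stored, int patched)
{
    unsigned char buf[64];
    int rc = b64_decode(stored, buf, sizeof(buf));
    if (patched)
        return rc <= (int)DIGEST_LEN;           /* signed: -1 is caught */
    return (size_t)rc <= (size_t)DIGEST_LEN;    /* -1 becomes SIZE_MAX */
}

int main(void)
{
    const char *bad = "not*base64";             /* constructed invalid value */
    printf("unpatched rejects bad input: %d\n", rejects(bad, 0));
    printf("patched rejects bad input:   %d\n", rejects(bad, 1));
    return 0;
}
```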
