Description of problem: The server crashes when performing single operation involving both password change and attribute deletion, if the password is subject to password policy syntax checking. Version-Release number of selected component (if applicable): 1.0.2 How reproducible: Always. Steps to Reproduce: 1. create password policy with password syntax checking on 2. modify userPassword and delete another attribute using single operation, like (in Perl): $ldap = new Net::LDAP(...); ... $ldap->modify("dn", changes => [ replace => [ mail => [], userPassword => "pw" ] ] ] ); Actual results: Server crash. Expected results: Server performs the requested operation. Additional info: The function mod2smod does not check for mod->mod_bvalues being NULL and tries to dereference it (modutil.c:370). This function happens to be called only by slapi_mods_get_{first,next}_smod(), which are in turn called only by check_trivial_words() in pw.c; this is why the crash appears only when checking password syntax. The attached patch fixes that.
Created attachment 135210 [details] patch
Thanks!
We would like to get this fix into the upcoming 1.0.3 version. However, in order to use your patch, we require either an Individual or Corporate Contributor License Agreement. Please see http://directory.fedora.redhat.com/wiki/Contributing for more information.
Have you submitted your CLA yet? This is required, otherwise we cannot accept your patch for inclusion in the product.
I did about an hour ago; hope it got through. Sorry, I did not mean to cause delays in schedule.
Thanks! > Sorry, I did not mean to cause delays in schedule. No, no problem. I should have asked you to submit a CLA months ago when you submitted the patch. I keep forgetting. We're all still getting used to this open source development process. Thanks again for the patch and keep them coming!
Created attachment 138386 [details] new diffs for mod_values case Looks like we have the same problem in the mod_values case (even though the code says this should never be called, better to be safe than sorry).
Looks good!
Reviewed by: nhosoi (Thanks!) Files: see diff Branch: HEAD Fix Description: From Michal: "The function mod2smod does not check for mod->mod_bvalues being NULL and tries to dereference it (modutil.c:370). This function happens to be called only by slapi_mods_get_{first,next}_smod(), which are in turn called only by check_trivial_words() in pw.c; this is why the crash appears only when checking password syntax." I added the same check for the mod_values case - even though the code says this should never be called, better to be safe than sorry. Platforms tested: RHEL4 Checking in modutil.c; /cvs/dirsec/ldapserver/ldap/servers/slapd/modutil.c,v <-- modutil.c new revision: 1.6; previous revision: 1.5 done
Created attachment 284721 [details] perl script used to verify bug with
Used the previous script to make the change and delete. Had the following output: [root@legbreaker ~]# ./modldap.pl modifing: dn: uid=12,ou=People, o=my.com mail: 12 uid: 12 givenName: 1 objectClass: top sn: 2 cn: 1 2 userPassword: {SSHA}GXmHVv1cWhz/QUtxDlZyC5hUgNovYCClwaqHxw== [root@legbreaker ~]# ./modldap.pl modifing: dn: uid=12,ou=People, o=my.com uid: 12 givenName: 1 objectClass: top sn: 2 cn: 1 2 userPassword: {SSHA}qMir6JcJ3Dk4djGefX7dXj3WABj2iiCeDCVS1w== The email was removed and the password hash changed. Bug verified aginst: 1197402236 redhat-ds-base-8.0.0-11.el5dsrv Tue Dec 11 2007 1197402244 redhat-ds-admin-8.0.0-1.15.el5dsrv Tue Dec 11 2007 1197402246 redhat-ds-console-8.0.0-8.el5dsrv Tue Dec 11 2007 1197402247 redhat-admin-console-8.0.0-9.el5dsrv Tue Dec 11 2007