511112 - Password history limited to 25 valuessaslbasedn

https://bugzilla.redhat.com/show_bug.cgi?id=511112 Fix Description: If an entry already having more than 25 password history attributes is added and password modify is performed on the entry, it overflows the fixed length values_replace array and crashes the server. This patch protects the overflow.
author: Noriko Hosoi <nhosoi@redhat.com> 2010-05-25 17:47:47 -0700
committer: Noriko Hosoi <nhosoi@redhat.com> 2010-05-25 17:47:47 -0700
commit: caaa2b7c5fdab6d3bf8c3155f32020eae8fc82ce (patch)
tree: a2ab13fb61b7873fbfcfdcd12d3f110ae9d2b4cb
parent: 50d1c0aaa081a6e2ead6518e992b18e3a12521b3 (diff)
download: ds-caaa2b7c5fdab6d3bf8c3155f32020eae8fc82ce.tar.gz
ds-caaa2b7c5fdab6d3bf8c3155f32020eae8fc82ce.tar.xz
ds-caaa2b7c5fdab6d3bf8c3155f32020eae8fc82ce.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
index 15add061..bf988779 100644
--- a/ldap/servers/slapd/pw.c
+++ b/ldap/servers/slapd/pw.c
@@ -1115,10 +1115,10 @@ int update_pw_history( Slapi_PBlock *pb, char *dn, char *old_pw ) {
 	}
 	strcpy ( history_str, str );
 	strcat ( history_str, old_pw );
-	if ( i == pwpolicy->pw_inhistory ) {
+	if ( i >= pwpolicy->pw_inhistory ) {
 		/* replace the oldest password in history */
-		values_replace [oldest] = history_str;
-		values_replace[i]=NULL;
+		values_replace[oldest] = history_str;
+		values_replace[pwpolicy->pw_inhistory] = NULL;
 	} else {
 		/* add old_pw at the end of password history */
 		values_replace[i] =  history_str;
author	Noriko Hosoi <nhosoi@redhat.com>	2010-05-25 17:47:47 -0700
committer	Noriko Hosoi <nhosoi@redhat.com>	2010-05-25 17:47:47 -0700
commit	caaa2b7c5fdab6d3bf8c3155f32020eae8fc82ce (patch)
tree	a2ab13fb61b7873fbfcfdcd12d3f110ae9d2b4cb
parent	50d1c0aaa081a6e2ead6518e992b18e3a12521b3 (diff)
download	ds-caaa2b7c5fdab6d3bf8c3155f32020eae8fc82ce.tar.gz ds-caaa2b7c5fdab6d3bf8c3155f32020eae8fc82ce.tar.xz ds-caaa2b7c5fdab6d3bf8c3155f32020eae8fc82ce.zip