authorRich Megginson <rmeggins@redhat.com>2006-10-09 21:42:57 +0000
committerRich Megginson <rmeggins@redhat.com>2006-10-09 21:42:57 +0000
commit145a4c2511fc8faa0bb1f394198573f2bcb91824 (patch)
treeaf54424474a6346bceeb95d8958a26d9fbc0fe9e
parent49467b2fa4b5069637d0c57c3fb801b350fd47c2 (diff)
Bug(s) fixed: 199321
Bug Description: incorrect base64 encoding of SHA passwords crashes server Reviewed by: nkinder (Thanks!) Fix Description: Check the return value of ldif_base64_decode to see if it is less than zero first before the other comparisons. This is the error condition, so we can just return an error. Additionally, the other comparisons with the unsigned should be ok since we know that the hash_len is a positive number. Platforms tested: FC5 Flag Day: no Doc impact: no
-rw-r--r--ldap/servers/plugins/pwdstorage/sha_pwd.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/ldap/servers/plugins/pwdstorage/sha_pwd.c b/ldap/servers/plugins/pwdstorage/sha_pwd.c
index 6a86f161..0f4247cb 100644
--- a/ldap/servers/plugins/pwdstorage/sha_pwd.c
+++ b/ldap/servers/plugins/pwdstorage/sha_pwd.c
@@ -115,7 +115,10 @@ sha_pw_cmp (char *userpwd, char *dbpwd, unsigned int shaLen )
if ( dbhash == NULL ) goto loser;
}
hash_len = ldif_base64_decode( dbpwd, dbhash );
- if ( hash_len >= shaLen ) {
+ if (hash_len < 0) {
+ slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, hasherrmsg, schemeName, dbpwd );
+ goto loser;
+ } else if ( hash_len >= shaLen ) {
salt.bv_val = (void*)(dbhash + shaLen);
salt.bv_len = hash_len - shaLen;
} else if ( hash_len == DS40B1_SALTED_SHA_LENGTH ) {
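Review bot: The added `hash_len < 0` guard protects the following `hash_len >= shaLen` comparison only while `hash_len` is a signed type and the guard stays first in the chain, and nothing in the code records that. The declaration of `hash_len` is outside this hunk, so confirm it is `int`, and consider a comment above the guard such as `/* ldif_base64_decode() returns < 0 on malformed input; reject before comparing with unsigned shaLen */` together with an explicit cast, `} else if ( (unsigned int)hash_len >= shaLen ) {`, so the conversion is visible to the next reader. Separately, the new `slapi_log_error` call passes `dbpwd`, so depending on the `hasherrmsg` format (not shown here) the stored hash value may end up in the plugin log; a message that names only the scheme would keep credential material out of the logs. `sha_pw_cmp` begins and ends outside this hunk.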