From 8c8c852d9d3e524cb60a8d1b54f4a4f85a3f22c4 Mon Sep 17 00:00:00 2001 From: Nathan Kinder Date: Mon, 17 Mar 2014 19:34:45 -0700 Subject: [PATCH] Ticket 47752 - Don't add unhashed password mod if we don't have an unhashed value When performing a modify operation to replace the userpassword with a pre-hashed value, the modify code adds a LDAPMod that replaces the "unhashed#user#password" attribute with no values. While this doesn't cause any harm inside DS itself, it is not the correct behavior. We should only add a LDAPMod for the unhashed password if we actually have an unhashed value available. --- ldap/servers/slapd/modify.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c index 79e7c7c..e54a27e 100644 --- a/ldap/servers/slapd/modify.c +++ b/ldap/servers/slapd/modify.c @@ -972,10 +972,10 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw) } else { /* add pseudo password attribute */ valuearray_init_bervalarray_unhashed_only(pw_mod->mod_bvalues, &va); - if(va){ + if(va && va[0]){ slapi_mods_add_mod_values(&smods, pw_mod->mod_op, unhashed_pw_attr, va); - valuearray_free(&va); } + valuearray_free(&va); } /* Init new value array for hashed value */ -- 1.8.1.4