From 679e7b024e36ac9dfce85766f5d82cc272911e53 Mon Sep 17 00:00:00 2001 From: Noriko Hosoi Date: Tue, 25 Aug 2015 16:31:10 -0700 Subject: [PATCH 52/52] Ticket #48228 - wrong password check if passwordInHistory is decreased. Description: Regression was added by this commit: commit 1a119125856006543aae0520b5800a8b52c3b049 Ticket #48228 - wrong password check if passwordInHistory is decreased. Compare function pw_history_cmp used in qsort did not check the correct address for the timestamp string, which made qsort return the password history in the wrong order. https://fedorahosted.org/389/ticket/48228 Reviewed by rmeggins@redhat.com (Thank you, Rich!) (cherry picked from commit 391acfcf9a67b9b27ebbd98d1dfe30ef54a027c4) (cherry picked from commit 096b386663c949136095def77a7fb12eee64e542) --- ldap/servers/slapd/pw.c | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c index 3abebbf..4e222d7 100644 --- a/ldap/servers/slapd/pw.c +++ b/ldap/servers/slapd/pw.c @@ -1085,8 +1085,6 @@ retry: static int pw_history_cmp(const void *h0, const void *h1) { - size_t h0sz = 0; - size_t h1sz = 0; if (!h0) { if (!h1) { return 0; @@ -1097,23 +1095,20 @@ pw_history_cmp(const void *h0, const void *h1) if (!h1) { return 1; } else { - size_t delta; - h0sz = strlen(h0); - h1sz = strlen(h1); - delta = h0sz - h1sz; - if (!delta) { - return delta; - } - if (h0sz < GENERALIZED_TIME_LENGTH) { + char *h0str = *(char **)h0; + char *h1str = *(char **)h1; + size_t h0sz = strlen(h0str); + size_t h1sz = strlen(h1str); + if ((h0sz < GENERALIZED_TIME_LENGTH) || + (h1sz < GENERALIZED_TIME_LENGTH)) { /* too short for the history str. */ - return 0; + return h0sz - h1sz; } + return PL_strncmp(h0str, h1str, GENERALIZED_TIME_LENGTH); } } - return PL_strncmp(h0, h1, GENERALIZED_TIME_LENGTH); } - static int update_pw_history( Slapi_PBlock *pb, const Slapi_DN *sdn, char *old_pw ) { -- 1.9.3