Tuesday, June 28, 2016

[389-commits] ldap/servers

ldap/servers/plugins/pwdstorage/pwd_init.c | 52 +++++++----------------------
ldap/servers/plugins/rever/rever.c | 6 +--
ldap/servers/slapd/pblock.c | 2 -
3 files changed, 16 insertions(+), 44 deletions(-)

New commits:
commit 2309c38a2c510b011327354c0600e945ce2e53a5
Author: William Brown <firstyear@redhat.com>
Date: Tue Jun 28 12:15:03 2016 +1000

Ticket 48902 - Strdup pwdstoragescheme name to prevent misbehaving plugins

Bug Description: Some plugins would set the pwdstorageschemename to a value
from their stack. This would cause ns-slapd to segfault on shutdown due to
attempting to free this value.

Fix Description: pblock now strdups the pwdstorageschemename, so that plugins
can behave however they want, and we always do the right thing.

https://fedorahosted.org/389/ticket/48902

Author: wibrown

Review by: nhosoi (Thanks!)

diff --git a/ldap/servers/plugins/pwdstorage/pwd_init.c b/ldap/servers/plugins/pwdstorage/pwd_init.c
index d441d38..5c14c95 100644
--- a/ldap/servers/plugins/pwdstorage/pwd_init.c
+++ b/ldap/servers/plugins/pwdstorage/pwd_init.c
@@ -50,7 +50,6 @@ int
sha_pwd_storage_scheme_init( Slapi_PBlock *pb )
{
int rc;
- char *name;

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> sha_pwd_storage_scheme_init\n" );

@@ -62,9 +61,8 @@ sha_pwd_storage_scheme_init( Slapi_PBlock *pb )
(void *) sha1_pw_enc);
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
(void *) sha1_pw_cmp );
- name = slapi_ch_strdup("SHA");
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME,
- name );
+ "SHA" );

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= sha_pwd_storage_scheme_init %d\n\n", rc );
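Review bot: Passing the literal `"SHA"` is only safe because slapi_pblock_set now copies the name in pblock.c, and nothing at this call site records that. The commit message says the server frees the stored name at shutdown, so if one of these plugins were loaded by a server built without the pblock.c change, that free would presumably be handed a string literal. A short comment above the call, e.g. `/* pblock copies the scheme name; ownership is not transferred */`, would make the contract visible. The same applies to the other SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME calls in this file and to aes_init and des_init in rever.c. The init functions start and end outside these hunks.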

@@ -75,7 +73,6 @@ int
ssha_pwd_storage_scheme_init( Slapi_PBlock *pb )
{
int rc;
- char *name;

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> ssha_pwd_storage_scheme_init\n" );

@@ -87,9 +84,8 @@ ssha_pwd_storage_scheme_init( Slapi_PBlock *pb )
(void *) salted_sha1_pw_enc );
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
(void *) sha1_pw_cmp );
- name = slapi_ch_strdup("SSHA");
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME,
- name );
+ "SSHA" );

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= ssha_pwd_storage_scheme_init %d\n\n", rc );
return( rc );
@@ -99,7 +95,6 @@ int
sha256_pwd_storage_scheme_init( Slapi_PBlock *pb )
{
int rc;
- char *name;

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> sha256_pwd_storage_scheme_init\n" );

@@ -111,9 +106,8 @@ sha256_pwd_storage_scheme_init( Slapi_PBlock *pb )
(void *) sha256_pw_enc);
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
(void *) sha256_pw_cmp );
- name = slapi_ch_strdup("SHA256");
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME,
- name );
+ "SHA256" );

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= sha256_pwd_storage_scheme_init %d\n\n", rc );

@@ -124,7 +118,6 @@ int
ssha256_pwd_storage_scheme_init( Slapi_PBlock *pb )
{
int rc;
- char *name;

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> ssha256_pwd_storage_scheme_init\n" );

@@ -136,9 +129,8 @@ ssha256_pwd_storage_scheme_init( Slapi_PBlock *pb )
(void *) salted_sha256_pw_enc );
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
(void *) sha256_pw_cmp );
- name = slapi_ch_strdup("SSHA256");
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME,
- name );
+ "SSHA256" );

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= ssha256_pwd_storage_scheme_init %d\n\n", rc );
return( rc );
@@ -148,7 +140,6 @@ int
sha384_pwd_storage_scheme_init( Slapi_PBlock *pb )
{
int rc;
- char *name;

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> sha384_pwd_storage_scheme_init\n" );

@@ -160,9 +151,8 @@ sha384_pwd_storage_scheme_init( Slapi_PBlock *pb )
(void *) sha384_pw_enc);
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
(void *) sha384_pw_cmp );
- name = slapi_ch_strdup("SHA384");
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME,
- name );
+ "SHA384" );

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= sha384_pwd_storage_scheme_init %d\n\n", rc );

@@ -173,7 +163,6 @@ int
ssha384_pwd_storage_scheme_init( Slapi_PBlock *pb )
{
int rc;
- char *name;

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> ssha384_pwd_storage_scheme_init\n" );

@@ -185,9 +174,8 @@ ssha384_pwd_storage_scheme_init( Slapi_PBlock *pb )
(void *) salted_sha384_pw_enc );
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
(void *) sha384_pw_cmp );
- name = slapi_ch_strdup("SSHA384");
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME,
- name );
+ "SSHA384" );

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= ssha384_pwd_storage_scheme_init %d\n\n", rc );
return( rc );
@@ -197,7 +185,6 @@ int
sha512_pwd_storage_scheme_init( Slapi_PBlock *pb )
{
int rc;
- char *name;

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> sha512_pwd_storage_scheme_init\n" );

@@ -209,9 +196,8 @@ sha512_pwd_storage_scheme_init( Slapi_PBlock *pb )
(void *) sha512_pw_enc);
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
(void *) sha512_pw_cmp );
- name = slapi_ch_strdup("SHA512");
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME,
- name );
+ "SHA512" );

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= sha512_pwd_storage_scheme_init %d\n\n", rc );

@@ -222,7 +208,6 @@ int
ssha512_pwd_storage_scheme_init( Slapi_PBlock *pb )
{
int rc;
- char *name;

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> ssha512_pwd_storage_scheme_init\n" );

@@ -234,9 +219,8 @@ ssha512_pwd_storage_scheme_init( Slapi_PBlock *pb )
(void *) salted_sha512_pw_enc );
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
(void *) sha512_pw_cmp );
- name = slapi_ch_strdup("SSHA512");
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME,
- name );
+ "SSHA512" );

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= ssha512_pwd_storage_scheme_init %d\n\n", rc );
return( rc );
@@ -246,7 +230,6 @@ int
crypt_pwd_storage_scheme_init( Slapi_PBlock *pb )
{
int rc;
- char *name;

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> crypt_pwd_storage_scheme_init\n" );

@@ -259,9 +242,8 @@ crypt_pwd_storage_scheme_init( Slapi_PBlock *pb )
(void *) crypt_pw_enc );
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
(void *) crypt_pw_cmp );
- name = slapi_ch_strdup("CRYPT");
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME,
- name );
+ "CRYPT" );

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= crypt_pwd_storage_scheme_init %d\n\n", rc );
return( rc );
@@ -271,7 +253,6 @@ int
clear_pwd_storage_scheme_init( Slapi_PBlock *pb )
{
int rc;
- char *name;

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> clear_pwd_storage_scheme_init\n" );

@@ -283,9 +264,8 @@ clear_pwd_storage_scheme_init( Slapi_PBlock *pb )
(void *) clear_pw_enc );
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
(void *) clear_pw_cmp );
- name = slapi_ch_strdup("CLEAR");
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME,
- name );
+ "CLEAR" );

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= clear_pwd_storage_scheme_init %d\n\n", rc );
return( rc );
@@ -295,7 +275,6 @@ int
ns_mta_md5_pwd_storage_scheme_init( Slapi_PBlock *pb )
{
int rc;
- char *name;

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> ns_mta_md5_pwd_storage_scheme_init\n" );

@@ -307,9 +286,8 @@ ns_mta_md5_pwd_storage_scheme_init( Slapi_PBlock *pb )
(void *) NULL );
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
(void *) ns_mta_md5_pw_cmp );
- name = slapi_ch_strdup("NS-MTA-MD5");
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME,
- name );
+ "NS-MTA-MD5" );

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= ns_mta_md5_pwd_storage_scheme_init %d\n\n", rc );
return( rc );
@@ -319,7 +297,6 @@ int
md5_pwd_storage_scheme_init( Slapi_PBlock *pb )
{
int rc;
- char *name;

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> md5_pwd_storage_scheme_init\n" );

@@ -331,9 +308,8 @@ md5_pwd_storage_scheme_init( Slapi_PBlock *pb )
(void *) md5_pw_enc );
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
(void *) md5_pw_cmp );
- name = slapi_ch_strdup("MD5");
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME,
- name );
+ "MD5" );

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= md5_pwd_storage_scheme_init %d\n\n", rc );
return( rc );
@@ -343,7 +319,6 @@ int
smd5_pwd_storage_scheme_init( Slapi_PBlock *pb )
{
int rc;
- char *name;

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> smd5_pwd_storage_scheme_init\n" );

@@ -355,9 +330,8 @@ smd5_pwd_storage_scheme_init( Slapi_PBlock *pb )
(void *) smd5_pw_enc );
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
(void *) smd5_pw_cmp );
- name = slapi_ch_strdup("SMD5");
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME,
- name );
+ "SMD5" );

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= smd5_pwd_storage_scheme_init %d\n\n", rc );
return( rc );
diff --git a/ldap/servers/plugins/rever/rever.c b/ldap/servers/plugins/rever/rever.c
index c49eeec..719cbde 100644
--- a/ldap/servers/plugins/rever/rever.c
+++ b/ldap/servers/plugins/rever/rever.c
@@ -68,7 +68,6 @@ aes_dec( char *pwd, char *alg )
int
aes_init( Slapi_PBlock *pb)
{
- char *name = slapi_ch_strdup(AES_REVER_SCHEME_NAME);
int rc;

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> aes_init\n" );
@@ -78,7 +77,7 @@ aes_init( Slapi_PBlock *pb)
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_ENC_FN, (void *) aes_enc);
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN, (void *) aes_cmp );
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_DEC_FN, (void *) aes_dec );
- rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME, name );
+ rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME, AES_REVER_SCHEME_NAME );

init_pbe_plugin();

@@ -130,7 +129,6 @@ des_dec( char *pwd )
int
des_init( Slapi_PBlock *pb )
{
- char *name = slapi_ch_strdup(DES_REVER_SCHEME_NAME);
int rc;

slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> des_init\n" );
@@ -140,7 +138,7 @@ des_init( Slapi_PBlock *pb )
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_ENC_FN, (void *) des_enc);
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN, (void *) des_cmp );
rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_DEC_FN, (void *) des_dec );
- rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME, name );
+ rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME, DES_REVER_SCHEME_NAME );

init_pbe_plugin();

diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
index 7205337..db5a9e7 100644
--- a/ldap/servers/slapd/pblock.c
+++ b/ldap/servers/slapd/pblock.c
@@ -3473,7 +3473,7 @@ slapi_pblock_set( Slapi_PBlock *pblock, int arg, void *value )

/* password storage scheme (kexcoff) */
case SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME:
- pblock->pb_plugin->plg_pwdstorageschemename = (char *)value;
+ pblock->pb_plugin->plg_pwdstorageschemename = slapi_ch_strdup((char *)value);
break;
case SLAPI_PLUGIN_PWD_STORAGE_SCHEME_USER_PWD:
pblock->pb_pwd_storage_scheme_user_passwd = (char *)value;
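Review bot: The new `slapi_ch_strdup` assignment in the SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME case overwrites `plg_pwdstorageschemename` without releasing the previous copy, so a plugin that sets the name more than once would leak the earlier string; whether that happens in practice is not visible here. Freeing first with `slapi_ch_free_string(&pblock->pb_plugin->plg_pwdstorageschemename);` would keep the pblock the single owner of the name. Out-of-tree plugins that still pass a strdup'd name will now leak their own copy, so the case deserves a comment such as `/* value is copied; caller keeps ownership */`. The adjacent SLAPI_PLUGIN_PWD_STORAGE_SCHEME_USER_PWD case still stores the caller's pointer unchanged, so the two cases now differ in ownership. The switch continues outside the hunk.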
