From 7ea7f09ebe4e6e1862d382dacee057009a2a8e25 Mon Sep 17 00:00:00 2001
From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Mon, 10 Nov 2008 23:28:20 +0000
Subject: [PATCH] ITS#5794

---
 CHANGES                | 1 +
 servers/slapd/passwd.c | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/CHANGES b/CHANGES
index 9c53c5688d..cea5e0bf44 100644
--- a/CHANGES
+++ b/CHANGES
@@ -15,6 +15,7 @@ OpenLDAP 2.4.13 Engineering
 	Added slapd dn.this search limits (ITS#5734)
 	Fixed slapd error status on shutdown (ITS#5745)
 	Fixed slapd nameUIDPretty bitstring parsing (ITS#5750)
+	Fixed slapd null termination of password (ITS#5794)
 	Fixed slapd overlay/database open with real structure (ITS#5724)
 	Fixed slapd parsing of read entry control (ITS#5741)
 	Added slapd PMI schema (ITS#5695)
diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c
index 18d0bd2142..f711871a6e 100644
--- a/servers/slapd/passwd.c
+++ b/servers/slapd/passwd.c
@@ -503,6 +503,7 @@ slap_passwd_check(
 	int			result = 1;
 	struct berval		*bv;
 	AccessControlState	acl_state = ACL_STATE_INIT;
+	char		credNul = cred->bv_val[cred->bv_len];
 
 #ifdef SLAPD_SPASSWD
 	void		*old_authctx = NULL;
@@ -511,6 +512,8 @@ slap_passwd_check(
 		op->o_conn->c_sasl_authctx, 0, &old_authctx, NULL );
 #endif
 
+	if ( credNul ) cred->bv_val[cred->bv_len] = 0;
+
 	for ( bv = a->a_vals; bv->bv_val != NULL; bv++ ) {
 		/* if e is provided, check access */
 		if ( e && access_allowed( op, e, a->a_desc, bv,
@@ -525,6 +528,8 @@ slap_passwd_check(
 		}
 	}
 
+	if ( credNul ) cred->bv_val[cred->bv_len] = credNul;
+
 #ifdef SLAPD_SPASSWD
 	ldap_pvt_thread_pool_setkey( op->o_threadctx, (void *)slap_sasl_bind,
 		old_authctx, 0, NULL, NULL );
-- 
GitLab