ldap/servers/slapd/bind.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
New commits:
commit caa351ae0cc81cbf2309a43c5f74b359cda152d0
Author: Ludwig Krispenz <lkrispen(a)redhat.com>
Date: Thu Aug 4 11:45:49 2016 -0700
Bug 1347760 - CVE-2016-4992 389-ds-base: Information disclosure via repeated use of LDAP ADD operation, etc.
Description: do not overwrite rc used to decide if bind was successful.
When the bind is through ldapi/autobind, an entry does not exist to be
checked with slapi_check_account_lock. In that case, a variable rc is
not supposed to be modified which confuses the following code path.
Reviewed by nhosoi(a)redhat.com.
diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
index c271577..3054c1f 100644
--- a/ldap/servers/slapd/bind.c
+++ b/ldap/servers/slapd/bind.c
@@ -775,10 +775,12 @@ do_bind( Slapi_PBlock *pb )
*/
if (!slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA)) {
bind_target_entry = get_entry(pb, slapi_sdn_get_ndn(sdn));
- rc = slapi_check_account_lock(pb, bind_target_entry, pw_response_requested, 1, 1);
- if (1 == rc) { /* account is locked */
+ myrc = slapi_check_account_lock(pb, bind_target_entry, pw_response_requested, 1, 1);
+ if (1 == myrc) { /* account is locked */
+ rc = myrc;
goto account_locked;
}
+ myrc = 0;
}
if (!auto_bind) {
/*