23 Apr
2005
23 Apr
'05
6:51 p.m.
On 19.4.2005, at 12:39, Thomas Hummel wrote:
A quick and dirty fix confirms what I was saying :
If I add :
strncpy(ldap_request->password,password,50);
in
auth/passdb-ldap.c:ldap_verify_plain
the authentication against LDAP works correctly.
Ah, I see. That strncpy() however has the unfortunate effect of possibly corrupting heap and causing all sorts of trouble :) The real fix is to remove ldap_request->password completely and instead use auth_request->mech_password. I had started that change but looks like it got only halfway with LDAP code.