From: Kurt Zeilenga <kurt@openldap.org>
Date: Tue, 20 Jul 1999 20:27:42 +0000 (+0000)
Subject: Import minor security fix from -devel to resolve ITS#232.
X-Git-Tag: OPENLDAP_REL_ENG_1_2_5~17
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=302f9405867baaa0c106547f7df15f994f727dd9;p=thirdparty%2Fopenldap.git

Import minor security fix from -devel to resolve ITS#232.
---

diff --git a/CHANGES b/CHANGES
index 1dca61e5a9..46c9620b62 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,7 @@ Changes included in OpenLDAP 1.2 Release Engineering
 	CVS Tag: OPENLDAP_REL_ENG_1_2
 	Fixed slapd substring_comp_candidates null intersection bug (ITS#228)
 	Fixed slapd modify: delete of last attribute value bug (ITS#229)
+	Import password security fix from -devel (ITS#232)
 	Build environment
 		Updated to latest Autoconf (AnonCVS)
 		Updated to latest aclocal from Automake (AnonCVS)
diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c
index a8f69dc5ff..0b5605a7b2 100644
--- a/libraries/liblutil/passwd.c
+++ b/libraries/liblutil/passwd.c
@@ -98,7 +98,7 @@ lutil_passwd(
 		lutil_SHA1Final(SHA1digest, &SHA1context);
  
 		/* compare */
-		rc = strncmp((char *)orig_pass, (char *)SHA1digest, sizeof(SHA1digest));
+		rc = memcmp((char *)orig_pass, (char *)SHA1digest, sizeof(SHA1digest));
 		free(orig_pass);
 		return(rc);
 
@@ -128,7 +128,7 @@ lutil_passwd(
 		lutil_MD5Final(MD5digest, &MD5context);
 
 		/* compare */
-		rc = strncmp((char *)orig_pass, (char *)MD5digest, sizeof(MD5digest));
+		rc = memcmp((char *)orig_pass, (char *)MD5digest, sizeof(MD5digest));
 		free(orig_pass);
 		return ( rc );