ITS#10399 pw-pbkdf2: fix iteration configuration parameter

the first module argument is argc=1 and argv[0], as invoked by
servers/slapd/slappasswd.c/parse_slappasswdopt and
servers/slapd/module.c/module_load

diff --git a/contrib/slapd-modules/passwd/pbkdf2/pw-pbkdf2.c b/contrib/slapd-modules/passwd/pbkdf2/pw-pbkdf2.c
index d88b63d0d89f0c1de53cee5556d5ce26309db829..45601d4425885a5fdebbcdb0334f4706b0f89660 100644 (file)
--- a/contrib/slapd-modules/passwd/pbkdf2/pw-pbkdf2.c
+++ b/contrib/slapd-modules/passwd/pbkdf2/pw-pbkdf2.c
@@ -429,13 +429,26 @@ static int pbkdf2_check(
 int init_module(int argc, char *argv[]) {
        int rc;
 
-       if (argc == 2) {
-               int iter = atoi(argv[1]);
+       if (argc > 0) {
+               char *endptr = NULL;
+               int iter = strtol(argv[0], &endptr, 0);
+               if (strlen(argv[0]) == 0 || *endptr != '\0') {
+                       perror("pw-pbkdf2 rounds argument invalid\n");
+                       return -1;
+               }
+
                if (iter > 0)
                        pbkdf2_iteration = iter;
-               else
+               else {
+                       fprintf(stderr, "pw-pbkdf2 rounds must be >= 1");
                        return -1;
+               }
+       }
+       if (argc > 1) {
+               fprintf(stderr, "unknown arguments given to pw-pbkdf2\n");
+               return -1;
        }
+
        rc = lutil_passwd_add((struct berval *)&pbkdf2_scheme,
                                                  pbkdf2_check, pbkdf2_encrypt);
        if(rc) return rc;