From: Jonas Jelten <jj@sft.lol>
Date: Thu, 16 Oct 2025 23:05:10 +0000 (+0200)
Subject: ITS#10399 pw-pbkdf2: fix iteration configuration parameter
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c8ed27ebd02544343f7ace57ae7cf212435f2fd8;p=thirdparty%2Fopenldap.git

ITS#10399 pw-pbkdf2: fix iteration configuration parameter

the first module argument is argc=1 and argv[0], as invoked by
servers/slapd/slappasswd.c/parse_slappasswdopt and
servers/slapd/module.c/module_load
---

diff --git a/contrib/slapd-modules/passwd/pbkdf2/pw-pbkdf2.c b/contrib/slapd-modules/passwd/pbkdf2/pw-pbkdf2.c
index d88b63d0d8..45601d4425 100644
--- a/contrib/slapd-modules/passwd/pbkdf2/pw-pbkdf2.c
+++ b/contrib/slapd-modules/passwd/pbkdf2/pw-pbkdf2.c
@@ -429,13 +429,26 @@ static int pbkdf2_check(
 int init_module(int argc, char *argv[]) {
 	int rc;
 
-	if (argc == 2) {
-		int iter = atoi(argv[1]);
+	if (argc > 0) {
+		char *endptr = NULL;
+		int iter = strtol(argv[0], &endptr, 0);
+		if (strlen(argv[0]) == 0 || *endptr != '\0') {
+			perror("pw-pbkdf2 rounds argument invalid\n");
+			return -1;
+		}
+
 		if (iter > 0)
 			pbkdf2_iteration = iter;
-		else
+		else {
+			fprintf(stderr, "pw-pbkdf2 rounds must be >= 1");
 			return -1;
+		}
+	}
+	if (argc > 1) {
+		fprintf(stderr, "unknown arguments given to pw-pbkdf2\n");
+		return -1;
 	}
+
 	rc = lutil_passwd_add((struct berval *)&pbkdf2_scheme,
 						  pbkdf2_check, pbkdf2_encrypt);
 	if(rc) return rc;