https://bugs.openldap.org/show_bug.cgi?id=9347
Ondřej Kuzník ondra@mistotebe.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Group|OpenLDAP-devs |
--- Comment #2 from Ondřej Kuzník ondra@mistotebe.net ---
This is certainly not an integer overflow of any kind, just an invalid policy, hence it is ignored and an error is logged. Whether that is a security issue is debatable, as every policy admin should make sure the policy they set is valid and is enforced correctly.
As an aside, it might be worth trying to apply the default policy if a specified policy doesn't exist/doesn't validate, but that would be a change from existing behaviour as enshrined in the test suite.