Full_Name: Laurent Pinchart
Version: 2.4.9
OS: Linux Ubuntu 8.04
URL:
Submission from: (NULL) (194.78.198.49)

When parsing password change extended operations, servers/slapd/passwd.c:slap_passwd_parse() calls ber_get_stringbv() with LBER_BV_NOTERM set. The resulting bv_val doesn't end with a \0.
When changing the password, smbk5pwd assumes rs_new.bv_val is zero terminated and doesn't check its length. This results in garbage being appended to the password.
Either smbk5pwd should zero-terminate rs_new.bv_val, or the password change EXOP parsing code should make sure a trailing \0 is appended to bv_val.
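
The mismatch described in the report, as an added example that is not part of the original submission and is not OpenLDAP or smbk5pwd code: a length-delimited value read as a C string picks up the bytes that follow it, while a copy bounded by bv_len does not. The struct bv type, both function names, and the buffer contents are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Local stand-in for a length + pointer value such as liblber's struct berval. */
struct bv {
    size_t bv_len;
    char  *bv_val;
};

/* Constructed sample: the 6-byte password sits inside a larger buffer and is
 * followed directly by unrelated bytes, i.e. it is not NUL-terminated in place. */
static char decode_buf[] = "secret" "@@tail";

/* Pattern the report describes: treat bv_val as a C string, ignore bv_len. */
size_t naive_password_len(const struct bv *pw)
{
    return strlen(pw->bv_val);   /* keeps going until it happens to hit a NUL */
}

/* Bounded handling: copy exactly bv_len bytes and terminate the copy.
 * Returns NULL on NULL input, allocation failure, or an embedded NUL
 * (which would silently truncate the password once used as a C string). */
char *bv_dup_cstr(const struct bv *pw)
{
    char *out;

    if (pw == NULL || pw->bv_val == NULL)
        return NULL;
    if (memchr(pw->bv_val, '\0', pw->bv_len) != NULL)
        return NULL;
    out = malloc(pw->bv_len + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, pw->bv_val, pw->bv_len);
    out[pw->bv_len] = '\0';
    return out;
}

int main(void)
{
    struct bv pw = { 6, decode_buf };
    char *safe = bv_dup_cstr(&pw);

    printf("naive length %zu, bv_len %zu\n", naive_password_len(&pw), pw.bv_len);
    printf("bounded copy: %s\n", safe ? safe : "(rejected)");
    free(safe);
    return 0;
}
```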