Bug 999634 - ns-slapd crash due to bogus DN

https://bugzilla.redhat.com/show_bug.cgi?id=999634
Reviewed by: ???
Branch: master
Fix Description: When the target DN is not a valid DN, the code will bypass
the initialization of unhashed_pw_smod, and attempt to call slapi_smods_done.
Depending on what memory is in the unhashed_pw_smod, if both mods and
free_mods are true, an attempt will be made to free mods or *mods and the
server will crash.  It is tricky to find the right sequence of operations
that will write the stack in such a way that both unhashed_pw_smod.mods
and unhashed_pw_smod.free_mods are set.
The fix is to just get rid of unhashed_pw_smod which is not used.
I also check this code and other operation code for similar cases, but the
rest of the code is clean.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit a3d65ac00df871675896f587b0da2c24eab961bb)
(cherry picked from commit f513bc3f955a07c9d22128b312dbbb0384192e31)

ldap/servers/slapd/modify.c

@@ -653,7 +653,6 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
 	int passin_sdn = 0;
 	LDAPMod	**mods, *pw_mod, **tmpmods = NULL;
 	Slapi_Mods smods;
-	Slapi_Mods unhashed_pw_smod;	
 	int repl_op, internal_op, lastmod, skip_modified_attrs;
 	char *unhashed_pw_attr = NULL;
 	Slapi_Operation *operation;
@@ -692,8 +691,6 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
 
 	slapi_mods_init_passin (&smods, mods);
 
-	slapi_mods_init(&unhashed_pw_smod, 0);
-
 	/* target spec is used to decide which plugins are applicable for the operation */
 	operation_set_target_spec (pb->pb_op, sdn);
 
@@ -1138,7 +1135,6 @@ free_and_return:
 	if (be)
 		slapi_be_Unlock(be);
 
-	slapi_mods_done(&unhashed_pw_smod); /* can finalize now */
 	if (unhashed_pw_attr)
 		slapi_ch_free ((void**)&unhashed_pw_attr);