Ticket 48902 - Strdup pwdstoragescheme name to prevent misbehaving plugins

Bug Description:  Some plugins would set the pwdstorageschemename to a value
from their stack. This would cause ns-slapd to segfault on shutdown due to
attempting to free this value.

Fix Description:  pblock now strdups the pwdstorageschemename, so that plugins
can behave however they want, and we always do the right thing.

https://fedorahosted.org/389/ticket/48902

Author: wibrown

Review by: nhosoi (Thanks!)

ldap/servers/plugins/pwdstorage/pwd_init.c

@@ -50,7 +50,6 @@ int
 sha_pwd_storage_scheme_init( Slapi_PBlock *pb )
 {
 	int	rc;
-	char *name;
 
 	slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> sha_pwd_storage_scheme_init\n" );
 
@@ -62,9 +61,8 @@ sha_pwd_storage_scheme_init( Slapi_PBlock *pb )
 	    (void *) sha1_pw_enc);
 	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
 	    (void *) sha1_pw_cmp );
-	name = slapi_ch_strdup("SHA");
 	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME,
-	    name );
+	    "SHA" );
 
 	slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= sha_pwd_storage_scheme_init %d\n\n", rc );
 
@@ -75,7 +73,6 @@ int
 ssha_pwd_storage_scheme_init( Slapi_PBlock *pb )
 {
 	int	rc;
-	char *name;
 
 	slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> ssha_pwd_storage_scheme_init\n" );
 
@@ -87,9 +84,8 @@ ssha_pwd_storage_scheme_init( Slapi_PBlock *pb )
 	    (void *) salted_sha1_pw_enc );
 	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
 	    (void *) sha1_pw_cmp );
-	name = slapi_ch_strdup("SSHA");
 	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME,
-	    name );
+	    "SSHA" );
 
 	slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= ssha_pwd_storage_scheme_init %d\n\n", rc );
 	return( rc );
@@ -99,7 +95,6 @@ int
 sha256_pwd_storage_scheme_init( Slapi_PBlock *pb )
 {
         int     rc;
-        char *name;
 
         slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> sha256_pwd_storage_scheme_init\n" );
 
@@ -111,9 +106,8 @@ sha256_pwd_storage_scheme_init( Slapi_PBlock *pb )
             (void *) sha256_pw_enc);
         rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
             (void *) sha256_pw_cmp );
-        name = slapi_ch_strdup("SHA256");
         rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME,
-            name );
+            "SHA256" );
 
         slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= sha256_pwd_storage_scheme_init %d\n\n", rc );
 
@@ -124,7 +118,6 @@ int
 ssha256_pwd_storage_scheme_init( Slapi_PBlock *pb )
 {
         int     rc;
-        char *name;
 
         slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> ssha256_pwd_storage_scheme_init\n" );
 
@@ -136,9 +129,8 @@ ssha256_pwd_storage_scheme_init( Slapi_PBlock *pb )
             (void *) salted_sha256_pw_enc );
         rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
             (void *) sha256_pw_cmp );
-        name = slapi_ch_strdup("SSHA256");
         rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME,
-            name );
+            "SSHA256" );
 
         slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= ssha256_pwd_storage_scheme_init %d\n\n", rc );
         return( rc );
@@ -148,7 +140,6 @@ int
 sha384_pwd_storage_scheme_init( Slapi_PBlock *pb )
 {
         int     rc;
-        char *name;
 
         slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> sha384_pwd_storage_scheme_init\n" );
 
@@ -160,9 +151,8 @@ sha384_pwd_storage_scheme_init( Slapi_PBlock *pb )
             (void *) sha384_pw_enc);
         rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
             (void *) sha384_pw_cmp );
-        name = slapi_ch_strdup("SHA384");
         rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME,
-            name );
+            "SHA384" );
 
         slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= sha384_pwd_storage_scheme_init %d\n\n", rc );
 
@@ -173,7 +163,6 @@ int
 ssha384_pwd_storage_scheme_init( Slapi_PBlock *pb )
 {
         int     rc;
-        char *name;
 
         slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> ssha384_pwd_storage_scheme_init\n" );
 
@@ -185,9 +174,8 @@ ssha384_pwd_storage_scheme_init( Slapi_PBlock *pb )
             (void *) salted_sha384_pw_enc );
         rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
             (void *) sha384_pw_cmp );
-        name = slapi_ch_strdup("SSHA384");
         rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME,
-            name );
+            "SSHA384" );
 
         slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= ssha384_pwd_storage_scheme_init %d\n\n", rc );
         return( rc );
@@ -197,7 +185,6 @@ int
 sha512_pwd_storage_scheme_init( Slapi_PBlock *pb )
 {
         int     rc;
-        char *name;
 
         slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> sha512_pwd_storage_scheme_init\n" );
 
@@ -209,9 +196,8 @@ sha512_pwd_storage_scheme_init( Slapi_PBlock *pb )
             (void *) sha512_pw_enc);
         rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
             (void *) sha512_pw_cmp );
-        name = slapi_ch_strdup("SHA512");
         rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME,
-            name );
+            "SHA512" );
 
         slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= sha512_pwd_storage_scheme_init %d\n\n", rc );
 
@@ -222,7 +208,6 @@ int
 ssha512_pwd_storage_scheme_init( Slapi_PBlock *pb )
 {
         int     rc;
-        char *name;
 
         slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> ssha512_pwd_storage_scheme_init\n" );
 
@@ -234,9 +219,8 @@ ssha512_pwd_storage_scheme_init( Slapi_PBlock *pb )
             (void *) salted_sha512_pw_enc );
         rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
             (void *) sha512_pw_cmp );
-        name = slapi_ch_strdup("SSHA512");
         rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME,
-            name );
+            "SSHA512" );
 
         slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= ssha512_pwd_storage_scheme_init %d\n\n", rc );
         return( rc );
@@ -246,7 +230,6 @@ int
 crypt_pwd_storage_scheme_init( Slapi_PBlock *pb )
 {
 	int	rc;
-	char *name;
 
 	slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> crypt_pwd_storage_scheme_init\n" );
 
@@ -259,9 +242,8 @@ crypt_pwd_storage_scheme_init( Slapi_PBlock *pb )
 	    (void *) crypt_pw_enc );
 	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
 	    (void *) crypt_pw_cmp );
-	name = slapi_ch_strdup("CRYPT");
 	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME,
-	    name );
+	    "CRYPT" );
 
 	slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= crypt_pwd_storage_scheme_init %d\n\n", rc );
 	return( rc );
@@ -271,7 +253,6 @@ int
 clear_pwd_storage_scheme_init( Slapi_PBlock *pb )
 {
 	int	rc;
-	char *name;
 
 	slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> clear_pwd_storage_scheme_init\n" );
 
@@ -283,9 +264,8 @@ clear_pwd_storage_scheme_init( Slapi_PBlock *pb )
 	    (void *) clear_pw_enc );
 	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
 	    (void *) clear_pw_cmp );
-	name = slapi_ch_strdup("CLEAR");
 	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME,
-	    name );
+	    "CLEAR" );
 
 	slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= clear_pwd_storage_scheme_init %d\n\n", rc );
 	return( rc );
@@ -295,7 +275,6 @@ int
 ns_mta_md5_pwd_storage_scheme_init( Slapi_PBlock *pb )
 {
 	int	rc;
-	char *name;
 
 	slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> ns_mta_md5_pwd_storage_scheme_init\n" );
 
@@ -307,9 +286,8 @@ ns_mta_md5_pwd_storage_scheme_init( Slapi_PBlock *pb )
 	    (void *) NULL );
 	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
 	    (void *) ns_mta_md5_pw_cmp );
-	name = slapi_ch_strdup("NS-MTA-MD5");
 	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME,
-	    name );
+	    "NS-MTA-MD5" );
 
 	slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= ns_mta_md5_pwd_storage_scheme_init %d\n\n", rc );
 	return( rc );
@@ -319,7 +297,6 @@ int
 md5_pwd_storage_scheme_init( Slapi_PBlock *pb )
 {
 	int     rc;
-	char *name;
 
 	slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> md5_pwd_storage_scheme_init\n" );
 
@@ -331,9 +308,8 @@ md5_pwd_storage_scheme_init( Slapi_PBlock *pb )
 							(void *) md5_pw_enc );
 	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
 							(void *) md5_pw_cmp );
-	name = slapi_ch_strdup("MD5");
 	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME,
-							name );
+							"MD5" );
 
 	slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= md5_pwd_storage_scheme_init %d\n\n", rc );
 	return( rc );
@@ -343,7 +319,6 @@ int
 smd5_pwd_storage_scheme_init( Slapi_PBlock *pb )
 {
 	int     rc;
-	char *name;
 
 	slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> smd5_pwd_storage_scheme_init\n" );
 
@@ -355,9 +330,8 @@ smd5_pwd_storage_scheme_init( Slapi_PBlock *pb )
 							(void *) smd5_pw_enc );
 	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
 							(void *) smd5_pw_cmp );
-	name = slapi_ch_strdup("SMD5");
 	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME,
-							name );
+							"SMD5" );
 
 	slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "<= smd5_pwd_storage_scheme_init %d\n\n", rc );
 	return( rc );

ldap/servers/plugins/rever/rever.c

@@ -68,7 +68,6 @@ aes_dec( char *pwd, char *alg )
 int
 aes_init( Slapi_PBlock *pb)
 {
-       char *name = slapi_ch_strdup(AES_REVER_SCHEME_NAME);
        int rc;
 
        slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> aes_init\n" );
@@ -78,7 +77,7 @@ aes_init( Slapi_PBlock *pb)
        rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_ENC_FN, (void *) aes_enc);
        rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN, (void *) aes_cmp );
        rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_DEC_FN, (void *) aes_dec );
-       rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME, name );
+       rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME, AES_REVER_SCHEME_NAME );
 
        init_pbe_plugin();
 
@@ -130,7 +129,6 @@ des_dec( char *pwd )
 int
 des_init( Slapi_PBlock *pb )
 {
-	char *name = slapi_ch_strdup(DES_REVER_SCHEME_NAME);
 	int	rc;
 
 	slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "=> des_init\n" );
@@ -140,7 +138,7 @@ des_init( Slapi_PBlock *pb )
 	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_ENC_FN, (void *) des_enc);
 	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN, (void *) des_cmp );
 	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_DEC_FN, (void *) des_dec );
-	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME, name );
+	rc |= slapi_pblock_set( pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME, DES_REVER_SCHEME_NAME );
 
 	init_pbe_plugin();
 

ldap/servers/slapd/pblock.c

@@ -3473,7 +3473,7 @@ slapi_pblock_set( Slapi_PBlock *pblock, int arg, void *value )
 
     /* password storage scheme (kexcoff) */
     case SLAPI_PLUGIN_PWD_STORAGE_SCHEME_NAME:
-        pblock->pb_plugin->plg_pwdstorageschemename = (char *)value; 
+        pblock->pb_plugin->plg_pwdstorageschemename = slapi_ch_strdup((char *)value);
         break;
     case SLAPI_PLUGIN_PWD_STORAGE_SCHEME_USER_PWD:
         pblock->pb_pwd_storage_scheme_user_passwd = (char *)value;