10399 – pw-pbkdf2.so iterations parameter checks for wrong argc

Issue 10399 - pw-pbkdf2.so iterations parameter checks for wrong argc

Summary: pw-pbkdf2.so iterations parameter checks for wrong argc

Status:	UNCONFIRMED

Alias:	None

Product:	OpenLDAP
Classification:	Unclassified
Component:	contrib (show other issues)
Version:	unspecified
Hardware:	All All

Importance:	--- normal
Target Milestone:	2.6.11
Assignee:	OpenLDAP project

URL:
Keywords:

Depends on:
Blocks:

Reported:	2025-10-08 14:42 UTC by Jonas Jelten
Modified:	2025-10-14 15:36 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
patch fixing this bug (638 bytes, patch) 2025-10-08 14:45 UTC, Jonas Jelten	Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description Jonas Jelten 2025-10-08 14:42:33 UTC

f602563bf4a9512885c8e3488d03b3f812cf42d9 introduced a pw-pbkdf2.so argument for specifying the number of hashing rounds.

this contains a bug since the argc is 1 instead of 2 when passing one argument to the module - so the custom iterations are never considered (except when passing a first bogus argument and the iterations as second :)


Background: We're integrating the pbkdf2-iteration configuration patch in Ubuntu https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2125685


I've also just created an account on your gitlab instance - would be great if it was approved :)

Comment 1 Jonas Jelten 2025-10-08 14:45:00 UTC

Created attachment 1087 [details]
patch fixing this bug

Comment 2 Quanah Gibson-Mount 2025-10-14 15:36:00 UTC

gitlab account approved, thanks!