[ldapvi] Bug in hash encodings (e.g. SSHA for passwords)

Dale Sedivec dale-keyword-ldapvi.13b413 at codefu.org
Tue Oct 23 00:51:43 CEST 2007


	Greetings.  Thanks for ldapvi, it's really quite a bit better
than all the GUI editors.

	I may have found a bug: when using the MD5, SMD5, SHA, or SSHA
encodings, the string that indicates how the value is hashed (e.g.
"{SSHA}") is hashed, rather than the given value.  For example, I
could feed ldapvi:

    userPassword:ssha test

And instead of hashing "test" it would hash "{SSHA}" (combined with a
salt, in that case).

	I've made a very simple, kind of lazy patch for this, which
you may find below.  I'm not subscribed, so please copy me on any
replies.

Thanks again,
Dale


--- ldapvi-1.7/parse.c.orig	2007-10-22 17:55:51.000000000 -0400
+++ ldapvi-1.7/parse.c	2007-10-22 18:05:11.000000000 -0400
@@ -261,21 +261,29 @@
 		g_string_assign(value, "{CRYPT}");
 		g_string_append(value, hash);
 	} else if (!strcasecmp(encoding, "sha")) {
-		if (read_ldif_attrval(s, value) == -1) return -1;
+		GString *cleartext = g_string_new("");
+		if (read_ldif_attrval(s, cleartext) == -1) return -1;
 		g_string_assign(value, "{SHA}");
-		if (!g_string_append_sha(value, value->str)) return -1;
+		if (!g_string_append_sha(value, cleartext->str)) return -1;
+		g_string_free(cleartext, TRUE);
 	} else if (!strcasecmp(encoding, "ssha")) {
-		if (read_ldif_attrval(s, value) == -1) return -1;
+		GString *cleartext = g_string_new("");
+		if (read_ldif_attrval(s, cleartext) == -1) return -1;
 		g_string_assign(value, "{SSHA}");
-		if (!g_string_append_ssha(value, value->str)) return -1;
+		if (!g_string_append_ssha(value, cleartext->str)) return -1;
+		g_string_free(cleartext, TRUE);
 	} else if (!strcasecmp(encoding, "md5")) {
-		if (read_ldif_attrval(s, value) == -1) return -1;
+		GString *cleartext = g_string_new("");
+		if (read_ldif_attrval(s, cleartext) == -1) return -1;
 		g_string_assign(value, "{MD5}");
-		if (!g_string_append_md5(value, value->str)) return -1;
+		if (!g_string_append_md5(value, cleartext->str)) return -1;
+		g_string_free(cleartext, TRUE);
 	} else if (!strcasecmp(encoding, "smd5")) {
-		if (read_ldif_attrval(s, value) == -1) return -1;
+		GString *cleartext = g_string_new("");
+		if (read_ldif_attrval(s, cleartext) == -1) return -1;
 		g_string_assign(value, "{SMD5}");
-		if (!g_string_append_smd5(value, value->str)) return -1;
+		if (!g_string_append_smd5(value, cleartext->str)) return -1;
+		g_string_free(cleartext, TRUE);
 	} else {
 		char *ptr;
 		int n = strtol(encoding, &ptr, 10);
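Review bot: each of the four new branches leaks cleartext on its early exits: when read_ldif_attrval() returns -1 or the g_string_append_sha/_ssha/_md5/_smd5 call fails, the function returns before g_string_free(cleartext, TRUE) is reached. That buffer holds the password in clear, so free it on the error paths as well, and consider overwriting cleartext->str (cleartext->len bytes) before freeing, since g_string_free() does not zero the memory it releases. The branches now differ only in the prefix string and the hash function, so a small helper taking both would keep the read, hash and cleanup logic in one place.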



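An audit check for the bug described in this message, as an added example that is not part of the original post or of ldapvi: it finds userPassword values that are the hash of their own scheme string, so those entries can be reset. It assumes the standard OpenLDAP layout (base64 of the digest, with the salt appended for {SSHA} and {SMD5}); the function names and sample entries are constructed for illustration.

```python
import base64
import hashlib
import hmac

# scheme prefix -> (hash constructor, salted?); assumed standard OpenLDAP layout
SCHEMES = {"{SHA}": (hashlib.sha1, False), "{SSHA}": (hashlib.sha1, True),
           "{MD5}": (hashlib.md5, False), "{SMD5}": (hashlib.md5, True)}

def encode(prefix, cleartext, salt=b""):
    """Build a userPassword value; used here only to construct sample data."""
    algo, _ = SCHEMES[prefix]
    digest = algo(cleartext + salt).digest()
    return prefix + base64.b64encode(digest + salt).decode("ascii")

def verify(stored, candidate):
    """Return True if candidate (bytes) matches the stored hashed value."""
    prefix = stored[: stored.find("}") + 1].upper()
    if prefix not in SCHEMES:
        raise ValueError("unsupported or missing scheme prefix")
    algo, salted = SCHEMES[prefix]
    # binascii.Error raised on bad base64 is a subclass of ValueError
    raw = base64.b64decode(stored[len(prefix):], validate=True)
    size = algo().digest_size
    if len(raw) < size or (not salted and len(raw) != size):
        raise ValueError("payload length does not fit the scheme")
    digest, salt = raw[:size], raw[size:]
    return hmac.compare_digest(algo(candidate + salt).digest(), digest)

def affected(entries):
    """DNs whose value is the hash of its own scheme prefix, e.g. "{SSHA}"."""
    hits = []
    for dn, stored in entries:
        prefix = stored[: stored.find("}") + 1].upper()
        try:
            if verify(stored, prefix.encode()):
                hits.append(dn)
        except ValueError:
            continue  # cleartext, {CRYPT} or malformed: not from this code path
    return hits

# Constructed sample entries (not from a real directory).
SAMPLE = [
    ("uid=a,dc=example,dc=org", encode("{SSHA}", b"{SSHA}", b"\x01\x02\x03\x04")),
    ("uid=b,dc=example,dc=org", encode("{SSHA}", b"test", b"\x05\x06\x07\x08")),
    ("uid=c,dc=example,dc=org", encode("{MD5}", b"{MD5}")),
    ("uid=d,dc=example,dc=org", "{CRYPT}constructedplaceholder"),
]
```

In practice the (dn, value) pairs would come from an export of the directory restricted to entries edited with the affected ldapvi version.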