author | Natanael Copa <ncopa@alpinelinux.org> | 2012-08-15 09:22:04 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2012-08-15 09:22:04 +0000 |
commit | 2216b84b681a71649cf6ac5ff6bde6ba8117541d (patch) | |
tree | 4578a72a84eb679bfd346d71fc6c784e636a216a | |
parent | 331fb0e84ff2f8fc1fe5fbdf3493c3c41a28dbbd (diff) |
main/openldap: security fix (CVE-2012-1164)
fixes #1319
-rw-r--r-- | main/openldap/APKBUILD | 4 | ||||
-rw-r--r-- | main/openldap/openldap-cve-assertion-processing-search-queries.patch | 52 |
2 files changed, 55 insertions, 1 deletions
diff --git a/main/openldap/APKBUILD b/main/openldap/APKBUILD
index cb50dd92e69..5687cb27cdd 100644
--- a/main/openldap/APKBUILD
+++ b/main/openldap/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=openldap
 pkgver=2.4.26
-pkgrel=3
+pkgrel=4
 pkgdesc="LDAP Server"
 url="http://www.openldap.org/"
 arch="all"
@@ -18,6 +18,7 @@ source="ftp://ftp.$pkgname.org/pub/OpenLDAP/$pkgname-release/$pkgname-$pkgver.tg
 openldap-2.4-ppolicy.patch
 openldap-2.4.11-libldap_r.patch
 cve-2011-4079.patch
+ openldap-cve-assertion-processing-search-queries.patch
 slapd.initd
 slapd.confd
 slurpd.initd
@@ -115,6 +116,7 @@ md5sums="f36f3086031dd56ae94f722ffae8df5e openldap-2.4.26.tgz
 2524e490ba334a760fa57057c16da7a9 openldap-2.4-ppolicy.patch
 d19d0502f046078ecd737e29e7552fa8 openldap-2.4.11-libldap_r.patch
 967d86fbfdbf9054b722f23323751fc9 cve-2011-4079.patch
+4f71dd299204ab338c33a17594934466 openldap-cve-assertion-processing-search-queries.patch
 a729bf553d12b4a9fbda0ff5202a0443 slapd.initd
 b672311fca605c398240cd37a2ae080a slapd.confd
 fa5ce0005ef5f1160b6ff126f97aaa1a slurpd.initd"
diff --git a/main/openldap/openldap-cve-assertion-processing-search-queries.patch b/main/openldap/openldap-cve-assertion-processing-search-queries.patch
new file mode 100644
index 00000000000..1848830045f
--- /dev/null
+++ b/main/openldap/openldap-cve-assertion-processing-search-queries.patch
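Review bot: The build inputs are pinned only by MD5 in the `md5sums` hunk of APKBUILD, while the `source=` hunk header shows the upstream tarball being fetched over plain `ftp://`, so nothing collision-resistant stands between the mirror and the build. If the abuild version in use accepts a stronger checksum variable (for example `sha256sums`), add it for every entry in `source`, including the new patch; whether it does cannot be told from this page. Separately, in the `source=` hunk the neighbouring fix is named `cve-2011-4079.patch`; naming the new file after its CVE id in the same way (`cve-2012-1164.patch`) would make it easier to audit which CVEs the package carries.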
@@ -0,0 +1,52 @@
+Assertion failure by processing search queries requesting only attributes for particular entry
+
+Upstream ITS: #7143
+Upstream commit: ef2f526 430256f 463c1fa
+Resolves: #802514 (CVE-2012-1164)
+
+diff --git a/servers/slapd/attr.c b/servers/slapd/attr.c
+index 51f5075..bfc717c 100644
+--- a/servers/slapd/attr.c
++++ b/servers/slapd/attr.c
+@@ -232,13 +232,16 @@ attr_dup2( Attribute *tmp, Attribute *a )
+ if ( a->a_nvals != a->a_vals ) {
+
+ tmp->a_nvals = ch_malloc( (tmp->a_numvals + 1) * sizeof(struct berval) );
+- for ( j = 0; !BER_BVISNULL( &a->a_nvals[j] ); j++ ) {
+- assert( j < i );
+- ber_dupbv( &tmp->a_nvals[j], &a->a_nvals[j] );
+- if ( BER_BVISNULL( &tmp->a_nvals[j] ) ) break;
+- /* FIXME: error? */
++ j = 0;
++ if ( i ) {
++ for ( ; !BER_BVISNULL( &a->a_nvals[j] ); j++ ) {
++ assert( j < i );
++ ber_dupbv( &tmp->a_nvals[j], &a->a_nvals[j] );
++ if ( BER_BVISNULL( &tmp->a_nvals[j] ) ) break;
++ /* FIXME: error? */
++ }
++ assert( j == i );
+ }
+- assert( j == i );
+ BER_BVZERO( &tmp->a_nvals[j] );
+
+ } else {
+diff --git a/servers/slapd/overlays/rwm.c b/servers/slapd/overlays/rwm.c
+index c724be2..0c78e80 100644
+--- a/servers/slapd/overlays/rwm.c
++++ b/servers/slapd/overlays/rwm.c
+@@ -1276,7 +1276,13 @@ rwm_attrs( Operation *op, SlapReply *rs, Attribute** a_first, int stripEntryDN )
+ NULL );
+
+ if ( rc != LDAP_SUCCESS ) {
+- BER_BVZERO( &(*ap)->a_nvals[i] );
++ /* FIXME: this is wrong, putting a non-normalized value
++ * into nvals. But when a proxy sends us bogus data,
++ * we still need to give it to the client, even if it
++ * violates the syntax. I.e., we don't want to silently
++ * drop things and trigger an apparent data loss.
++ */
++ ber_dupbv( &(*ap)->a_nvals[i], &(*ap)->a_vals[i] );
+ }
+ }
+ BER_BVZERO( &(*ap)->a_nvals[i] ); |
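Review bot: In the embedded attr.c hunk the copy loop is still bounded only by `assert( j < i )`, so a build with NDEBUG has nothing that keeps `j` inside the `(tmp->a_numvals + 1)` elements allocated just above, and a build with assertions enabled can still abort slapd on data-dependent input, which is the failure class this CVE fix targets. Moving the bound into the loop condition, `for ( ; j < i && !BER_BVISNULL( &a->a_nvals[j] ); j++ ) {`, and treating the early `break` after a failed `ber_dupbv` as an error (the `/* FIXME: error? */` case) instead of falling into `assert( j == i )`, would close both paths. In the rwm.c hunk the new `ber_dupbv( &(*ap)->a_nvals[i], &(*ap)->a_vals[i] );` is unchecked; if the copy fails the slot presumably stays null, leaving a_nvals shorter than a_vals, which is the mismatch attr_dup2 asserts on. How `i` is set in attr_dup2 is not visible here, so its relation to `a_numvals` is assumed. Both function bodies start and end outside their hunks.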