authorNatanael Copa <ncopa@alpinelinux.org>2012-08-15 09:26:18 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2012-08-15 09:26:18 +0000
commit2a4f6280e5cf666200003553bcb3240ef215c5ab (patch)
treee99fce9a20cfecb32a7998601c1d656c7e4c2984
parent6c4536400e6b9c65d0cf336fe3138bee138cf3cd (diff)
main/openldap: security fix (CVE-2012-1164)
fixes #1330
-rw-r--r--main/openldap/APKBUILD4
-rw-r--r--main/openldap/openldap-cve-assertion-processing-search-queries.patch52
2 files changed, 55 insertions, 1 deletions
diff --git a/main/openldap/APKBUILD b/main/openldap/APKBUILD
index 73434641b7..f8d04479b1 100644
--- a/main/openldap/APKBUILD
+++ b/main/openldap/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=openldap
pkgver=2.4.25
-pkgrel=2
+pkgrel=3
pkgdesc="LDAP Server"
url="http://www.openldap.org/"
arch="all"
@@ -19,6 +19,7 @@ source="ftp://ftp.$pkgname.org/pub/OpenLDAP/$pkgname-release/$pkgname-$pkgver.tg
openldap-2.4.11-libldap_r.patch
openldap-back-sql-fix-64bit.patch
cve-2011-4079.patch
+ openldap-cve-assertion-processing-search-queries.patch
slapd.initd
slapd.confd
slurpd.initd
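Review bot: The new source entry `openldap-cve-assertion-processing-search-queries.patch` does not carry the CVE id in its file name, unlike the neighbouring `cve-2011-4079.patch`. Anyone auditing the source list for CVE-2012-1164 coverage has to open the patch or the commit log to find it. Naming it along the lines of `cve-2012-1164.patch`, with the same name in the md5sums entry, would keep the two security patches consistent and easy to grep for. The `source=` list starts and ends outside this hunk.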
@@ -113,6 +114,7 @@ md5sums="ec63f9c2add59f323a0459128846905b openldap-2.4.25.tgz
d19d0502f046078ecd737e29e7552fa8 openldap-2.4.11-libldap_r.patch
226eefb3e17810f453b76cbc9d1bdbad openldap-back-sql-fix-64bit.patch
967d86fbfdbf9054b722f23323751fc9 cve-2011-4079.patch
+4f71dd299204ab338c33a17594934466 openldap-cve-assertion-processing-search-queries.patch
a729bf553d12b4a9fbda0ff5202a0443 slapd.initd
b672311fca605c398240cd37a2ae080a slapd.confd
fa5ce0005ef5f1160b6ff126f97aaa1a slurpd.initd"
diff --git a/main/openldap/openldap-cve-assertion-processing-search-queries.patch b/main/openldap/openldap-cve-assertion-processing-search-queries.patch
new file mode 100644
index 0000000000..1848830045
--- /dev/null
+++ b/main/openldap/openldap-cve-assertion-processing-search-queries.patch
@@ -0,0 +1,52 @@
+Assertion failure by processing search queries requesting only attributes for particular entry
+
+Upstream ITS: #7143
+Upstream commit: ef2f526 430256f 463c1fa
+Resolves: #802514 (CVE-2012-1164)
+
+diff --git a/servers/slapd/attr.c b/servers/slapd/attr.c
+index 51f5075..bfc717c 100644
+--- a/servers/slapd/attr.c
++++ b/servers/slapd/attr.c
+@@ -232,13 +232,16 @@ attr_dup2( Attribute *tmp, Attribute *a )
+ if ( a->a_nvals != a->a_vals ) {
+
+ tmp->a_nvals = ch_malloc( (tmp->a_numvals + 1) * sizeof(struct berval) );
+- for ( j = 0; !BER_BVISNULL( &a->a_nvals[j] ); j++ ) {
+- assert( j < i );
+- ber_dupbv( &tmp->a_nvals[j], &a->a_nvals[j] );
+- if ( BER_BVISNULL( &tmp->a_nvals[j] ) ) break;
+- /* FIXME: error? */
++ j = 0;
++ if ( i ) {
++ for ( ; !BER_BVISNULL( &a->a_nvals[j] ); j++ ) {
++ assert( j < i );
++ ber_dupbv( &tmp->a_nvals[j], &a->a_nvals[j] );
++ if ( BER_BVISNULL( &tmp->a_nvals[j] ) ) break;
++ /* FIXME: error? */
++ }
++ assert( j == i );
+ }
+- assert( j == i );
+ BER_BVZERO( &tmp->a_nvals[j] );
+
+ } else {
+diff --git a/servers/slapd/overlays/rwm.c b/servers/slapd/overlays/rwm.c
+index c724be2..0c78e80 100644
+--- a/servers/slapd/overlays/rwm.c
++++ b/servers/slapd/overlays/rwm.c
+@@ -1276,7 +1276,13 @@ rwm_attrs( Operation *op, SlapReply *rs, Attribute** a_first, int stripEntryDN )
+ NULL );
+
+ if ( rc != LDAP_SUCCESS ) {
+- BER_BVZERO( &(*ap)->a_nvals[i] );
++ /* FIXME: this is wrong, putting a non-normalized value
++ * into nvals. But when a proxy sends us bogus data,
++ * we still need to give it to the client, even if it
++ * violates the syntax. I.e., we don't want to silently
++ * drop things and trigger an apparent data loss.
++ */
++ ber_dupbv( &(*ap)->a_nvals[i], &(*ap)->a_vals[i] );
+ }
+ }
+ BER_BVZERO( &(*ap)->a_nvals[i] );
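Review bot: In the embedded attr.c hunk the copy loop in attr_dup2 is still bounded only by the NULL terminator of `a->a_nvals`, while the destination was sized from `tmp->a_numvals + 1`. The two `assert()` calls are the only thing tying `j` to `i` (presumably the value count, set outside the hunk), and they either abort slapd or, when compiled out with NDEBUG, check nothing. The `/* FIXME: error? */` path is still live: if `ber_dupbv` leaves a NULL berval the loop breaks early and `assert( j == i )` fires. I would bound the loop explicitly, `for ( ; j < i && !BER_BVISNULL( &a->a_nvals[j] ); j++ ) {`, and handle a count mismatch explicitly rather than by assertion. In the rwm.c hunk the result of the new `ber_dupbv( &(*ap)->a_nvals[i], &(*ap)->a_vals[i] )` is likewise unchecked, so an allocation failure would presumably truncate a_nvals again and recreate the vals/nvals mismatch this patch is meant to remove; both function bodies start and end outside the hunks shown.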