authorNatanael Copa <ncopa@alpinelinux.org>2017-06-01 11:12:27 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2017-06-01 11:12:27 +0000
commit4b66a9765b5554d7a5c951a27b829c0e3cf18ba0 (patch)
tree5f94ee29c3877530bc62a1953fca0b8e9bd4b86d /main/openldap/CVE-2017-9287.patch
parent7e44ce9040e45575b12ae9127f5b5dea069c3783 (diff)
main/openldap: sec fix for CVE-2017-9287
Diffstat (limited to 'main/openldap/CVE-2017-9287.patch')
-rw-r--r--main/openldap/CVE-2017-9287.patch28
1 files changed, 28 insertions, 0 deletions
diff --git a/main/openldap/CVE-2017-9287.patch b/main/openldap/CVE-2017-9287.patch
new file mode 100644
index 00000000000..1599c13315e
--- /dev/null
+++ b/main/openldap/CVE-2017-9287.patch
@@ -0,0 +1,28 @@
+From 0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e Mon Sep 17 00:00:00 2001
+From: Ryan Tandy <ryan@nardis.ca>
+Date: Wed, 17 May 2017 20:07:39 -0700
+Subject: [PATCH] ITS#8655 fix double free on paged search with pagesize 0
+
+Fixes a double free when a search includes the Paged Results control
+with a page size of 0 and the search base matches the filter.
+---
+ servers/slapd/back-mdb/search.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/servers/slapd/back-mdb/search.c b/servers/slapd/back-mdb/search.c
+index 301d1a4..43442aa 100644
+--- a/servers/slapd/back-mdb/search.c
++++ b/servers/slapd/back-mdb/search.c
+@@ -1066,7 +1066,8 @@ notfound:
+ /* check size limit */
+ if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) {
+ if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size ) {
+- mdb_entry_return( op, e );
++ if (e != base)
++ mdb_entry_return( op, e );
+ e = NULL;
+ send_paged_response( op, rs, &lastid, tentries );
+ goto done;
+--
+1.7.10.4
+
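Review bot: The guard added to the patched `search.c`, `if (e != base)`, skips `mdb_entry_return( op, e )` for the base entry without saying why, so the fix is only correct if `base` is released exactly once elsewhere, presumably on the `done:` path, which lies outside this hunk. A one-line comment above the guard, for example `/* base is released later; returning it here as well would free it twice (ITS#8655) */`, would keep a later cleanup from reintroducing the double free. Since this is a vendored upstream patch, that comment belongs upstream and the file here should be carried unmodified. The diffstat is limited to this one file, so it is not visible whether the package's build recipe applies the patch and records the CVE as fixed; confirm that in the same commit, otherwise the shipped slapd stays vulnerable despite the patch being in the tree.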