- Resolves: RHEL-58681 - high wtime can hide a worker reading a large requests - Resolves: RHEL-62876 - Inconsistencies in the log messages - Resolves: RHEL-68692 - Replication halt caused by an incorrect setting of "nsslapd-changelogmaxage" - Resolves: RHEL-76836 - Crash in replica_config_add when manually configuring a replica with an incorrect nsds5ReplicaRoot. - Resolves: RHEL-80256 - [RFE] RHDS healthcheck tool could provide more information in offline mode - Resolves: RHEL-84531 - access log - suspicious wtime optime negative and large values in internal op - Resolves: RHEL-86325 - dbscan utility not filtering using -k option - Resolves: RHEL-88942 - LDAP healthcheck and ignoring entrydn index and associated config - Resolves: RHEL-109505 - Possible memory leak when using the Retro Changelog plugin. - Resolves: RHEL-117666 - [RFE] Expose stats from deferred memberof - Resolves: RHEL-118811 - Password policy can be created even though the same one already exists - Resolves: RHEL-118867 - Memory leak issue in an IPA deployment. - Resolves: RHEL-121119 - Differences on export ldif using online of off-line method on RHDS - Resolves: RHEL-121169 - dsctl should report error when the ldif to import doesn't have permissions to be read by dirsrv. - Resolves: RHEL-129204 - Local password policies can be created with unallowed values - Resolves: RHEL-129597 - Remediate "Could not read password attribute" error on directory Servers with chaining enabled(DBLink) - Resolves: RHEL-132767 - An online reinitialization with LMDB is terminating the receiving server - Resolves: RHEL-134188 - RFE: add server-side configuration to ignore malformed controls and/or override critical controls from clients - Resolves: RHEL-138569 - AddressSanitizer: SEGV ldap/servers/plugins/automember/automember.c:1962 in automember_mod_post_op - Resolves: RHEL-140005 - Memory leaks in IPA context on server restart - Resolves: RHEL-141049 - Fail open condition in ACL - Resolves: RHEL-141480 - [RFE] Add shadowLastChange fixup task - Resolves: RHEL-146147 - Fix dsconf to allow specifying multiple certificates for use in 389-ds server - Resolves: RHEL-149125 - dnaSharedConfig: "dnaPortNum: 0" - Resolves: RHEL-151246 - dsctl healthcheck DSMOLE0001 inaccurate recommendations when there is more than 1 LDAP backend - Resolves: RHEL-152373 - Entry cache DN hash table corruption causes SIGSEGV in ns-slapd - Resolves: RHEL-153088 - [RFE] Add OS-level thread names to all server threads - Resolves: RHEL-153089 - [RFE] Add work queue metrics to cn=monitor - Resolves: RHEL-153092 - [RFE] Per-operation thread pool context via STAT extension - Resolves: RHEL-153372 - dirsrv@.service missing NoNewPrivileges and MemoryDenyWriteExecute despite broad capability set - Resolves: RHEL-154374 - Prevent the ability of creating a replication agreement from a node back to itself is needed - Resolves: RHEL-154380 - DS 12 does not handle escape char in bind user - Resolves: RHEL-157894 - Online export is failing when using the option "-s" - Resolves: RHEL-163373 - WARN - keys2idl - received NULL idl from index_read_ext_allids - Resolves: RHEL-165956 - can't modify user's name/dn if it's owner of SubIDs - Resolves: RHEL-169529 - Rebase 389-ds-base to 3.3.x - Resolves: RHEL-170277 - Memory leaks in syncrepl plugin during persistent search operations - Resolves: RHEL-170643 - passwordbadwords attribute of the local password policy is not functioning - Resolves: RHEL-170907 - Substring index produces empty results and can crash when non-default nsSubStrBegin/nsSubStrEnd lengths are configured - Resolves: RHEL-172228 - Replacing a group's member list modifies users who were already members - Resolves: RHEL-174908 - Replication errors in logs - Resolves: RHEL-181022 - Server shutdown during online reindex may lead to data loss
46 lines
1.6 KiB
Diff
46 lines
1.6 KiB
Diff
From c36ad54ed05c4821fbd2211f0be78163cfdc1464 Mon Sep 17 00:00:00 2001
|
|
From: Mark Reynolds <mreynolds@redhat.com>
|
|
Date: Wed, 3 Jun 2026 17:52:09 -0400
|
|
Subject: [PATCH 3/6] Issue 7554 - deref plugin null pointer dereference if
|
|
ber_init fails
|
|
|
|
Description:
|
|
|
|
**CWE**: CWE-476 (NULL Pointer Dereference)
|
|
|
|
A flaw in the 389 Directory Server's dereference control plugin allows an
|
|
unauthenticated attacker to crash the LDAP server when the system is under
|
|
memory pressure(OOM). The deref plugin, enabled by default, fails to check for
|
|
a memory allocation failure before using the result, causing the server
|
|
process to terminate.
|
|
|
|
CI test 'test_deref_and_access_control' already covers this fix.
|
|
|
|
relates: https://github.com/389ds/389-ds-base/issues/7554
|
|
|
|
Reviewed by: tbordaz & progier(Thanks!!)
|
|
---
|
|
ldap/servers/plugins/deref/deref.c | 6 ++++++
|
|
1 file changed, 6 insertions(+)
|
|
|
|
diff --git a/ldap/servers/plugins/deref/deref.c b/ldap/servers/plugins/deref/deref.c
|
|
index fc1c10f71..fc157f6d6 100644
|
|
--- a/ldap/servers/plugins/deref/deref.c
|
|
+++ b/ldap/servers/plugins/deref/deref.c
|
|
@@ -357,6 +357,12 @@ deref_parse_ctrl_value(DerefSpecList *speclist, const struct berval *ctrlbv, int
|
|
}
|
|
|
|
ber = ber_init((struct berval *)ctrlbv);
|
|
+ if (!ber) {
|
|
+ *ldapcode = LDAP_UNWILLING_TO_PERFORM;
|
|
+ *ldaperrtext = "Deref control parsing failed to initialize BER element";
|
|
+ return;
|
|
+ }
|
|
+
|
|
for (tag = ber_first_element(ber, &len, &last);
|
|
(tag != LBER_ERROR) && (tag != LBER_END_OF_SEQORSET);
|
|
tag = ber_next_element(ber, &len, last)) {
|
|
--
|
|
2.54.0
|
|
|