32 lines
1.1 KiB
Diff
32 lines
1.1 KiB
Diff
From d41352806f44c47a9e99f9eb1b0bdfef7b0aa4f4 Mon Sep 17 00:00:00 2001
|
|
From: Mark Reynolds <mreynolds@redhat.com>
|
|
Date: Tue, 25 Jan 2022 12:27:02 -0500
|
|
Subject: [PATCH] Bug 2027783 - CVE-2021-4091 389-ds-base: double-free of the
|
|
virtual attribute context in persistent search
|
|
|
|
Description: Fix double free. The double free is related to
|
|
persistent search req. It was introduced with i
|
|
https://pagure.io/389-ds-base/issue/49097
|
|
|
|
Reviewed by: mreynolds, progier, jchapman
|
|
---
|
|
ldap/servers/slapd/pblock.c | 2 ++
|
|
1 file changed, 2 insertions(+)
|
|
|
|
diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
|
|
index 94e7c0ab7..56bbfc92e 100644
|
|
--- a/ldap/servers/slapd/pblock.c
|
|
+++ b/ldap/servers/slapd/pblock.c
|
|
@@ -330,6 +330,8 @@ slapi_pblock_clone(Slapi_PBlock *pb)
|
|
if (pb->pb_intplugin != NULL) {
|
|
_pblock_assert_pb_intplugin(new_pb);
|
|
*(new_pb->pb_intplugin) = *(pb->pb_intplugin);
|
|
+ /* Make sure that only the cloned pblock refers to vattr_context */
|
|
+ pb->pb_intplugin->pb_vattr_context = NULL;
|
|
}
|
|
if (pb->pb_deprecated != NULL) {
|
|
_pblock_assert_pb_deprecated(new_pb);
|
|
--
|
|
2.31.1
|
|
|