From 5b4fff6aff59c3fb4325055d171fccaca3aaaa6b Mon Sep 17 00:00:00 2001 From: Nikolai Kondrashov Date: Thu, 30 Mar 2017 14:13:46 +0300 Subject: [PATCH] Handle connection error in rlm_ldap_cacheable_groupobj --- ...n-error-in-rlm_ldap_cacheable_groupo.patch | 30 +++++++++++++++++++ freeradius.spec | 4 +++ 2 files changed, 34 insertions(+) create mode 100644 freeradius-Handle-connection-error-in-rlm_ldap_cacheable_groupo.patch diff --git a/freeradius-Handle-connection-error-in-rlm_ldap_cacheable_groupo.patch b/freeradius-Handle-connection-error-in-rlm_ldap_cacheable_groupo.patch new file mode 100644 index 0000000..8dac6ed --- /dev/null +++ b/freeradius-Handle-connection-error-in-rlm_ldap_cacheable_groupo.patch @@ -0,0 +1,30 @@ +From bd67f9fc09690f0b3ac195cb9c57d51bd7a7dc23 Mon Sep 17 00:00:00 2001 +From: Nikolai Kondrashov +Date: Wed, 29 Mar 2017 10:43:14 +0300 +Subject: [PATCH] Handle connection error in rlm_ldap_cacheable_groupobj + +Closes #1951 + +(cherry picked from commit 208681c80e1149de888affdb87f34de0c371db50) +--- + src/modules/rlm_ldap/groups.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/modules/rlm_ldap/groups.c b/src/modules/rlm_ldap/groups.c +index 12f34da2a..5e0a1819e 100644 +--- a/src/modules/rlm_ldap/groups.c ++++ b/src/modules/rlm_ldap/groups.c +@@ -461,8 +461,10 @@ rlm_rcode_t rlm_ldap_cacheable_groupobj(rlm_ldap_t const *inst, REQUEST *request + + case LDAP_PROC_NO_RESULT: + RDEBUG2("No cacheable group memberships found in group objects"); ++ goto finish; + + default: ++ rcode = RLM_MODULE_FAIL; + goto finish; + } + +-- +2.11.0 + diff --git a/freeradius.spec b/freeradius.spec index 40e29f0..2bd1126 100644 --- a/freeradius.spec +++ b/freeradius.spec @@ -25,6 +25,7 @@ Patch1: freeradius-redhat-config.patch Patch2: freeradius-Use-system-crypto-policy-by-default.patch Patch3: freeradius-Relax-OpenSSL-permissions-for-default-key-files.patch Patch4: freeradius-Fix-some-issues-found-with-static-analyzers.patch +Patch5: freeradius-Handle-connection-error-in-rlm_ldap_cacheable_groupo.patch %global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}} @@ -196,6 +197,7 @@ This plugin provides the REST support for the FreeRADIUS server project. %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 %build # Force compile/link options, extra security for network facing daemon @@ -801,6 +803,8 @@ exit 0 * Wed Mar 29 2017 Nikolai Kondrashov - 3.0.13-3 - Explicitly disable rlm_cache_memcached to avoid error when the module's dependencies are installed, and it is built, but not packaged. +- Prevent segfaults by adding a missing handling of connection errors in + rlm_ldap. * Wed Mar 15 2017 Nikolai Kondrashov - 3.0.13-2 - Fix permissions of default key files in raddb/certs.