import UBI openldap-2.4.46-19.el8_10
This commit is contained in:
parent
99c756647c
commit
116d7e78c0
@ -0,0 +1,72 @@
|
|||||||
|
From 840944e26f734bb03d925f26c4ef11a6cedcbb9c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Howard Chu <hyc@openldap.org>
|
||||||
|
Date: Thu, 25 Aug 2022 16:13:21 +0100
|
||||||
|
Subject: [PATCH] ITS#9904 ldap_url_parsehosts: check for strdup failure
|
||||||
|
|
||||||
|
Avoid unnecessary strdup in IPv6 addr parsing, check for strdup
|
||||||
|
failure when dup'ing scheme.
|
||||||
|
|
||||||
|
Code present since 2000, 8da110a9e726dbc612b302feafe0109271e6bc59
|
||||||
|
---
|
||||||
|
libraries/libldap/url.c | 21 ++++++++++++---------
|
||||||
|
1 file changed, 12 insertions(+), 9 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libraries/libldap/url.c b/libraries/libldap/url.c
|
||||||
|
index dcf2aac9e8..493fd7ce47 100644
|
||||||
|
--- a/libraries/libldap/url.c
|
||||||
|
+++ b/libraries/libldap/url.c
|
||||||
|
@@ -1385,24 +1385,22 @@ ldap_url_parsehosts(
|
||||||
|
}
|
||||||
|
ludp->lud_port = port;
|
||||||
|
ludp->lud_host = specs[i];
|
||||||
|
- specs[i] = NULL;
|
||||||
|
p = strchr(ludp->lud_host, ':');
|
||||||
|
if (p != NULL) {
|
||||||
|
/* more than one :, IPv6 address */
|
||||||
|
if ( strchr(p+1, ':') != NULL ) {
|
||||||
|
/* allow [address] and [address]:port */
|
||||||
|
if ( *ludp->lud_host == '[' ) {
|
||||||
|
- p = LDAP_STRDUP(ludp->lud_host+1);
|
||||||
|
- /* copied, make sure we free source later */
|
||||||
|
- specs[i] = ludp->lud_host;
|
||||||
|
- ludp->lud_host = p;
|
||||||
|
- p = strchr( ludp->lud_host, ']' );
|
||||||
|
+ p = strchr( ludp->lud_host+1, ']' );
|
||||||
|
if ( p == NULL ) {
|
||||||
|
LDAP_FREE(ludp);
|
||||||
|
ldap_charray_free(specs);
|
||||||
|
return LDAP_PARAM_ERROR;
|
||||||
|
}
|
||||||
|
- *p++ = '\0';
|
||||||
|
+ /* Truncate trailing ']' and shift hostname down 1 char */
|
||||||
|
+ *p = '\0';
|
||||||
|
+ AC_MEMCPY( ludp->lud_host, ludp->lud_host+1, p - ludp->lud_host );
|
||||||
|
+ p++;
|
||||||
|
if ( *p != ':' ) {
|
||||||
|
if ( *p != '\0' ) {
|
||||||
|
LDAP_FREE(ludp);
|
||||||
|
@@ -1428,14 +1426,19 @@ ldap_url_parsehosts(
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
- ldap_pvt_hex_unescape(ludp->lud_host);
|
||||||
|
ludp->lud_scheme = LDAP_STRDUP("ldap");
|
||||||
|
+ if ( ludp->lud_scheme == NULL ) {
|
||||||
|
+ LDAP_FREE(ludp);
|
||||||
|
+ ldap_charray_free(specs);
|
||||||
|
+ return LDAP_NO_MEMORY;
|
||||||
|
+ }
|
||||||
|
+ specs[i] = NULL;
|
||||||
|
+ ldap_pvt_hex_unescape(ludp->lud_host);
|
||||||
|
ludp->lud_next = *ludlist;
|
||||||
|
*ludlist = ludp;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* this should be an array of NULLs now */
|
||||||
|
- /* except entries starting with [ */
|
||||||
|
ldap_charray_free(specs);
|
||||||
|
return LDAP_SUCCESS;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.44.0
|
||||||
|
|
@ -0,0 +1,26 @@
|
|||||||
|
From c5c8c06a8bd52ea7b843e7d8ca961a7d1800ce5f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Howard Chu <hyc@openldap.org>
|
||||||
|
Date: Wed, 24 Aug 2022 14:40:51 +0100
|
||||||
|
Subject: [PATCH] ITS#9904 ldif_open_url: check for ber_strdup failure
|
||||||
|
|
||||||
|
Code present since 1999, df8f7cbb9b79be3be9205d116d1dd0b263d6861a
|
||||||
|
---
|
||||||
|
libraries/libldap/fetch.c | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/libraries/libldap/fetch.c b/libraries/libldap/fetch.c
|
||||||
|
index 9e426dc647..536871bcfe 100644
|
||||||
|
--- a/libraries/libldap/fetch.c
|
||||||
|
+++ b/libraries/libldap/fetch.c
|
||||||
|
@@ -69,6 +69,8 @@ ldif_open_url(
|
||||||
|
}
|
||||||
|
|
||||||
|
p = ber_strdup( urlstr );
|
||||||
|
+ if ( p == NULL )
|
||||||
|
+ return NULL;
|
||||||
|
|
||||||
|
/* But we should convert to LDAP_DIRSEP before use */
|
||||||
|
if ( LDAP_DIRSEP[0] != '/' ) {
|
||||||
|
--
|
||||||
|
2.44.0
|
||||||
|
|
@ -5,7 +5,7 @@
|
|||||||
|
|
||||||
Name: openldap
|
Name: openldap
|
||||||
Version: 2.4.46
|
Version: 2.4.46
|
||||||
Release: 18%{?dist}
|
Release: 19%{?dist}
|
||||||
Summary: LDAP support libraries
|
Summary: LDAP support libraries
|
||||||
License: OpenLDAP
|
License: OpenLDAP
|
||||||
URL: http://www.openldap.org/
|
URL: http://www.openldap.org/
|
||||||
@ -58,6 +58,8 @@ Patch61: openldap-cbinding-Convert-test077-to-LDIF-config.patch
|
|||||||
Patch62: openldap-cbinding-Update-keys-to-RSA-4096.patch
|
Patch62: openldap-cbinding-Update-keys-to-RSA-4096.patch
|
||||||
Patch63: openldap-add-TLS_REQSAN-option.patch
|
Patch63: openldap-add-TLS_REQSAN-option.patch
|
||||||
Patch64: openldap-change-TLS_REQSAN-default-to-TRY.patch
|
Patch64: openldap-change-TLS_REQSAN-default-to-TRY.patch
|
||||||
|
Patch65: 0001-ITS-9904-ldap_url_parsehosts-check-for-strdup-failur.patch
|
||||||
|
Patch66: 0001-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch
|
||||||
|
|
||||||
# check-password module specific patches
|
# check-password module specific patches
|
||||||
Patch90: check-password-makefile.patch
|
Patch90: check-password-makefile.patch
|
||||||
@ -153,6 +155,8 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi
|
|||||||
%patch62 -p1
|
%patch62 -p1
|
||||||
%patch63 -p1
|
%patch63 -p1
|
||||||
%patch64 -p1
|
%patch64 -p1
|
||||||
|
%patch65 -p1
|
||||||
|
%patch66 -p1
|
||||||
|
|
||||||
# build smbk5pwd with other overlays
|
# build smbk5pwd with other overlays
|
||||||
ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
|
ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
|
||||||
@ -522,6 +526,10 @@ exit 0
|
|||||||
%{_mandir}/man3/*
|
%{_mandir}/man3/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Apr 30 2024 Simon Pichugin <spichugi@redhat.com> - 2.4.46-19
|
||||||
|
- Bump version to 2.4.46-19
|
||||||
|
- Resolves: RHEL-34283 - openldap: null pointer dereference in ber_memalloc_x function
|
||||||
|
|
||||||
* Thu Aug 5 2021 Simon Pichugin <spichugi@redhat.com> - 2.4.46-18
|
* Thu Aug 5 2021 Simon Pichugin <spichugi@redhat.com> - 2.4.46-18
|
||||||
- Add TLS_REQSAN option and change the default to TRY (#1814674)
|
- Add TLS_REQSAN option and change the default to TRY (#1814674)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user