CVE-2010-0211 openldap: modrdn processing uninitialized pointer free (#605448)
CVE-2010-0212 openldap: modrdn processing IA5StringNormalize NULL pointer dereference (#605452) obsolete configuration file moved to /usr/share/openldap-servers (#612602)
This commit is contained in:
parent
2acd98790b
commit
13c47e0e20
74
openldap-2.4.22-modrdn-segfault.patch
Normal file
74
openldap-2.4.22-modrdn-segfault.patch
Normal file
@ -0,0 +1,74 @@
|
|||||||
|
bz #605448 CVE-2010-0211 openldap: modrdn processing uninitialized pointer free
|
||||||
|
bz #605452 CVE-2010-0212 openldap: modrdn processing IA5StringNormalize NULL pointer dereference
|
||||||
|
|
||||||
|
diff -urp openldap-2.4.22/servers/slapd/dn.c openldap-2.4.22.new/servers/slapd/dn.c
|
||||||
|
--- openldap-2.4.22/servers/slapd/dn.c 2010-04-13 22:23:14.000000000 +0200
|
||||||
|
+++ openldap-2.4.22.new/servers/slapd/dn.c 2010-07-19 17:57:51.974346501 +0200
|
||||||
|
@@ -302,16 +302,13 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned f
|
||||||
|
ava->la_attr = ad->ad_cname;
|
||||||
|
|
||||||
|
if( ava->la_flags & LDAP_AVA_BINARY ) {
|
||||||
|
- if( ava->la_value.bv_len == 0 ) {
|
||||||
|
- /* BER encoding is empty */
|
||||||
|
- return LDAP_INVALID_SYNTAX;
|
||||||
|
- }
|
||||||
|
+ /* AVA is binary encoded, not supported */
|
||||||
|
+ return LDAP_INVALID_SYNTAX;
|
||||||
|
|
||||||
|
/* Do not allow X-ORDERED 'VALUES' naming attributes */
|
||||||
|
} else if( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) {
|
||||||
|
return LDAP_INVALID_SYNTAX;
|
||||||
|
|
||||||
|
- /* AVA is binary encoded, don't muck with it */
|
||||||
|
} else if( flags & SLAP_LDAPDN_PRETTY ) {
|
||||||
|
transf = ad->ad_type->sat_syntax->ssyn_pretty;
|
||||||
|
if( !transf ) {
|
||||||
|
@@ -379,6 +376,10 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned f
|
||||||
|
ava->la_value = bv;
|
||||||
|
ava->la_flags |= LDAP_AVA_FREE_VALUE;
|
||||||
|
}
|
||||||
|
+ /* reject empty values */
|
||||||
|
+ if (!ava->la_value.bv_len) {
|
||||||
|
+ return LDAP_INVALID_SYNTAX;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
rc = LDAP_SUCCESS;
|
||||||
|
|
||||||
|
diff -urp openldap-2.4.22/servers/slapd/modrdn.c openldap-2.4.22.new/servers/slapd/modrdn.c
|
||||||
|
--- openldap-2.4.22/servers/slapd/modrdn.c 2010-04-13 22:23:16.000000000 +0200
|
||||||
|
+++ openldap-2.4.22.new/servers/slapd/modrdn.c 2010-07-19 17:57:51.975346274 +0200
|
||||||
|
@@ -445,12 +445,19 @@ slap_modrdn2mods(
|
||||||
|
mod_tmp->sml_values[1].bv_val = NULL;
|
||||||
|
if( desc->ad_type->sat_equality->smr_normalize) {
|
||||||
|
mod_tmp->sml_nvalues = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) );
|
||||||
|
- (void) (*desc->ad_type->sat_equality->smr_normalize)(
|
||||||
|
+ rs->sr_err = desc->ad_type->sat_equality->smr_normalize(
|
||||||
|
SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
|
||||||
|
desc->ad_type->sat_syntax,
|
||||||
|
desc->ad_type->sat_equality,
|
||||||
|
&mod_tmp->sml_values[0],
|
||||||
|
&mod_tmp->sml_nvalues[0], NULL );
|
||||||
|
+ if (rs->sr_err != LDAP_SUCCESS) {
|
||||||
|
+ ch_free(mod_tmp->sml_nvalues);
|
||||||
|
+ ch_free(mod_tmp->sml_values[0].bv_val);
|
||||||
|
+ ch_free(mod_tmp->sml_values);
|
||||||
|
+ ch_free(mod_tmp);
|
||||||
|
+ goto done;
|
||||||
|
+ }
|
||||||
|
mod_tmp->sml_nvalues[1].bv_val = NULL;
|
||||||
|
} else {
|
||||||
|
mod_tmp->sml_nvalues = NULL;
|
||||||
|
diff -urp openldap-2.4.22/servers/slapd/schema_init.c openldap-2.4.22.new/servers/slapd/schema_init.c
|
||||||
|
--- openldap-2.4.22/servers/slapd/schema_init.c 2010-04-14 20:12:15.000000000 +0200
|
||||||
|
+++ openldap-2.4.22.new/servers/slapd/schema_init.c 2010-07-19 17:57:51.978346712 +0200
|
||||||
|
@@ -1735,8 +1735,9 @@ UTF8StringNormalize(
|
||||||
|
? LDAP_UTF8_APPROX : 0;
|
||||||
|
|
||||||
|
val = UTF8bvnormalize( val, &tmp, flags, ctx );
|
||||||
|
+ /* out of memory or syntax error, the former is unlikely */
|
||||||
|
if( val == NULL ) {
|
||||||
|
- return LDAP_OTHER;
|
||||||
|
+ return LDAP_INVALID_SYNTAX;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* collapse spaces (in place) */
|
@ -11,7 +11,7 @@
|
|||||||
Summary: LDAP support libraries
|
Summary: LDAP support libraries
|
||||||
Name: openldap
|
Name: openldap
|
||||||
Version: %{version}
|
Version: %{version}
|
||||||
Release: 5%{?dist}
|
Release: 6%{?dist}
|
||||||
License: OpenLDAP
|
License: OpenLDAP
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz
|
Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz
|
||||||
@ -38,6 +38,7 @@ Patch11: openldap-2.4.16-doc-cacertdir.patch
|
|||||||
Patch12: openldap-2.4.21-dn2id-segfault.patch
|
Patch12: openldap-2.4.21-dn2id-segfault.patch
|
||||||
Patch13: openldap-2.4.22-ldif_h.patch
|
Patch13: openldap-2.4.22-ldif_h.patch
|
||||||
Patch14: openldap-2.4.22-libldif.patch
|
Patch14: openldap-2.4.22-libldif.patch
|
||||||
|
Patch15: openldap-2.4.22-modrdn-segfault.patch
|
||||||
|
|
||||||
# Patches for the evolution library
|
# Patches for the evolution library
|
||||||
Patch200: openldap-2.4.6-evolution-ntlm.patch
|
Patch200: openldap-2.4.6-evolution-ntlm.patch
|
||||||
@ -137,6 +138,7 @@ pushd openldap-%{version}
|
|||||||
%patch12 -p1 -b .segfault
|
%patch12 -p1 -b .segfault
|
||||||
%patch13 -p1 -b .ldif_h
|
%patch13 -p1 -b .ldif_h
|
||||||
%patch14 -p1 -b .libldif
|
%patch14 -p1 -b .libldif
|
||||||
|
%patch15 -p1 -b .modrdn-segfault
|
||||||
|
|
||||||
cp %{_datadir}/libtool/config/config.{sub,guess} build/
|
cp %{_datadir}/libtool/config/config.{sub,guess} build/
|
||||||
popd
|
popd
|
||||||
@ -379,12 +381,6 @@ install -d -m755 $RPM_BUILD_ROOT%{_sysconfdir}/openldap/schema/redhat
|
|||||||
install -m644 %SOURCE6 \
|
install -m644 %SOURCE6 \
|
||||||
$RPM_BUILD_ROOT%{_sysconfdir}/openldap/schema/redhat/
|
$RPM_BUILD_ROOT%{_sysconfdir}/openldap/schema/redhat/
|
||||||
|
|
||||||
# Move doc files out of _sysconfdir
|
|
||||||
mv $RPM_BUILD_ROOT%{_sysconfdir}/openldap/schema/README README.schema
|
|
||||||
mv $RPM_BUILD_ROOT%{_sysconfdir}/openldap/DB_CONFIG.example DB_CONFIG.example
|
|
||||||
chmod 0644 DB_CONFIG.example
|
|
||||||
chmod 0644 openldap-%{version}/servers/slapd/back-sql/rdbms_depend/timesten/*.sh
|
|
||||||
|
|
||||||
# Move slapd and slurpd out of _libdir
|
# Move slapd and slurpd out of _libdir
|
||||||
mv $RPM_BUILD_ROOT/%{_libdir}/slapd $RPM_BUILD_ROOT/%{_sbindir}/
|
mv $RPM_BUILD_ROOT/%{_libdir}/slapd $RPM_BUILD_ROOT/%{_sbindir}/
|
||||||
rm -f $RPM_BUILD_ROOT/%{_sbindir}/slap{acl,add,auth,cat,dn,index,passwd,test,schema}
|
rm -f $RPM_BUILD_ROOT/%{_sbindir}/slap{acl,add,auth,cat,dn,index,passwd,test,schema}
|
||||||
@ -395,9 +391,18 @@ for X in acl add auth cat dn index passwd test schema; do ln -s slapd $RPM_BUILD
|
|||||||
chmod 755 $RPM_BUILD_ROOT/%{_libdir}/lib*.so*
|
chmod 755 $RPM_BUILD_ROOT/%{_libdir}/lib*.so*
|
||||||
chmod 644 $RPM_BUILD_ROOT/%{_libdir}/lib*.*a
|
chmod 644 $RPM_BUILD_ROOT/%{_libdir}/lib*.*a
|
||||||
|
|
||||||
# Add files and dirs which would be created by %post scriptlet
|
# slapd.conf(5) is obsoleted since 2.3, see slapd-config(5)
|
||||||
touch $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.conf.bak
|
# new configuration will be generated in %post
|
||||||
|
mkdir -p $RPM_BUILD_ROOT/%{_datadir}/openldap-servers
|
||||||
mkdir $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.d
|
mkdir $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.d
|
||||||
|
mv $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.conf $RPM_BUILD_ROOT/%{_datadir}/openldap-servers/slapd.conf.obsolete
|
||||||
|
chmod 0644 $RPM_BUILD_ROOT/%{_datadir}/openldap-servers/slapd.conf.obsolete
|
||||||
|
|
||||||
|
# Move doc files out of _sysconfdir
|
||||||
|
mv $RPM_BUILD_ROOT%{_sysconfdir}/openldap/schema/README README.schema
|
||||||
|
mv $RPM_BUILD_ROOT%{_sysconfdir}/openldap/DB_CONFIG.example $RPM_BUILD_ROOT/%{_datadir}/openldap-servers/DB_CONFIG.example
|
||||||
|
chmod 0644 openldap-%{version}/servers/slapd/back-sql/rdbms_depend/timesten/*.sh
|
||||||
|
chmod 0644 $RPM_BUILD_ROOT/%{_datadir}/openldap-servers/DB_CONFIG.example
|
||||||
|
|
||||||
# Remove files which we don't want packaged.
|
# Remove files which we don't want packaged.
|
||||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la
|
rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la
|
||||||
@ -529,8 +534,15 @@ chmod 640 slapd.pem
|
|||||||
popd
|
popd
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -f %{_sysconfdir}/openldap/slapd.conf ]; then
|
if [ `find %{_sysconfdir}/openldap/slapd.d -maxdepth 0 -empty | wc -l` = "1" ]; then
|
||||||
# if there is no slapd.conf, we probably already have new configuration in place
|
# configuration in slapd.d not available
|
||||||
|
|
||||||
|
[ ! -f %{_sysconfdir}/openldap/slapd.conf ]
|
||||||
|
fresh_install=$?
|
||||||
|
|
||||||
|
[ $fresh_install -eq 0 ] && \
|
||||||
|
cp %{_datadir}/openldap-servers/slapd.conf.obsolete %{_sysconfdir}/openldap/slapd.conf
|
||||||
|
|
||||||
mv %{_sysconfdir}/openldap/slapd.conf %{_sysconfdir}/openldap/slapd.conf.bak
|
mv %{_sysconfdir}/openldap/slapd.conf %{_sysconfdir}/openldap/slapd.conf.bak
|
||||||
mkdir -p %{_sysconfdir}/openldap/slapd.d/
|
mkdir -p %{_sysconfdir}/openldap/slapd.d/
|
||||||
lines=`egrep -n '^(database|backend)' %{_sysconfdir}/openldap/slapd.conf.bak | cut -d: -f1 | head -n 1`
|
lines=`egrep -n '^(database|backend)' %{_sysconfdir}/openldap/slapd.conf.bak | cut -d: -f1 | head -n 1`
|
||||||
@ -550,8 +562,9 @@ EOF
|
|||||||
chmod -R u+rwX %{_sysconfdir}/openldap/slapd.d
|
chmod -R u+rwX %{_sysconfdir}/openldap/slapd.d
|
||||||
rm -f %{_sysconfdir}/openldap/slapd.conf
|
rm -f %{_sysconfdir}/openldap/slapd.conf
|
||||||
rm -f %{_sharedstatedir}/ldap/__db* %{_sharedstatedir}/ldap/alock
|
rm -f %{_sharedstatedir}/ldap/__db* %{_sharedstatedir}/ldap/alock
|
||||||
fi
|
|
||||||
|
|
||||||
|
[ $fresh_install -eq 0 ] && rm -f %{_sysconfdir}/openldap/slapd.conf.bak
|
||||||
|
fi
|
||||||
|
|
||||||
if [ $1 -ge 1 ] ; then
|
if [ $1 -ge 1 ] ; then
|
||||||
/sbin/service slapd condrestart &>/dev/null
|
/sbin/service slapd condrestart &>/dev/null
|
||||||
@ -607,14 +620,12 @@ fi
|
|||||||
%doc openldap-%{version}/contrib/slapd-modules/smbk5pwd/README.smbk5pwd
|
%doc openldap-%{version}/contrib/slapd-modules/smbk5pwd/README.smbk5pwd
|
||||||
%doc openldap-%{version}/doc/guide/admin/*.html
|
%doc openldap-%{version}/doc/guide/admin/*.html
|
||||||
%doc openldap-%{version}/doc/guide/admin/*.png
|
%doc openldap-%{version}/doc/guide/admin/*.png
|
||||||
%attr(0644,root,root) %doc DB_CONFIG.example
|
|
||||||
%doc README.schema
|
%doc README.schema
|
||||||
%ghost %config(noreplace) %{_sysconfdir}/pki/tls/certs/slapd.pem
|
%ghost %config(noreplace) %{_sysconfdir}/pki/tls/certs/slapd.pem
|
||||||
%attr(0755,root,root) %{_sysconfdir}/rc.d/init.d/slapd
|
%attr(0755,root,root) %{_sysconfdir}/rc.d/init.d/slapd
|
||||||
%attr(0640,root,ldap) %config(noreplace,missingok) %{_sysconfdir}/openldap/slapd.conf
|
%attr(0750,ldap,ldap) %dir %config(noreplace) %{_sysconfdir}/openldap/slapd.d
|
||||||
%attr(0640,root,ldap) %ghost %{_sysconfdir}/openldap/slapd.conf.bak
|
|
||||||
%attr(0640,ldap,ldap) %ghost %{_sysconfdir}/openldap/slapd.d
|
|
||||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/ldap
|
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/ldap
|
||||||
|
%attr(0755,root,root) %dir %config(noreplace) %{_sysconfdir}/openldap/schema
|
||||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/openldap/schema/*.schema*
|
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/openldap/schema/*.schema*
|
||||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/openldap/schema/*.ldif
|
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/openldap/schema/*.ldif
|
||||||
%attr(0755,root,root) %dir %{_sysconfdir}/openldap/schema/redhat
|
%attr(0755,root,root) %dir %{_sysconfdir}/openldap/schema/redhat
|
||||||
@ -628,6 +639,11 @@ fi
|
|||||||
%attr(0755,root,root) %{_libdir}/libslapd_db-*.*.so
|
%attr(0755,root,root) %{_libdir}/libslapd_db-*.*.so
|
||||||
%attr(0755,root,root) %dir %{_libdir}/openldap
|
%attr(0755,root,root) %dir %{_libdir}/openldap
|
||||||
%attr(0755,root,root) %{_libdir}/openldap/[^b]*
|
%attr(0755,root,root) %{_libdir}/openldap/[^b]*
|
||||||
|
%attr(0755,root,root) %dir %{_datadir}/openldap-servers
|
||||||
|
%attr(0644,root,root) %{_datadir}/openldap-servers/*
|
||||||
|
# obsolete configuration
|
||||||
|
%attr(0640,ldap,ldap) %ghost %config(noreplace,missingok) %{_sysconfdir}/openldap/slapd.conf
|
||||||
|
%attr(0640,ldap,ldap) %ghost %config(noreplace,missingok) %{_sysconfdir}/openldap/slapd.conf.bak
|
||||||
|
|
||||||
%files servers-sql
|
%files servers-sql
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
@ -655,6 +671,11 @@ fi
|
|||||||
%attr(0644,root,root) %{evolution_connector_libdir}/*.a
|
%attr(0644,root,root) %{evolution_connector_libdir}/*.a
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jul 20 2010 Jan Vcelak <jvcelak@redhat.com> - 2.4.22-6
|
||||||
|
- CVE-2010-0211 openldap: modrdn processing uninitialized pointer free (#605448)
|
||||||
|
- CVE-2010-0212 openldap: modrdn processing IA5StringNormalize NULL pointer dereference (#605452)
|
||||||
|
- obsolete configuration file moved to /usr/share/openldap-servers (#612602)
|
||||||
|
|
||||||
* Thu Jul 01 2010 Jan Zeleny <jzeleny@redhat.com> - 2.4.22-5
|
* Thu Jul 01 2010 Jan Zeleny <jzeleny@redhat.com> - 2.4.22-5
|
||||||
- another shot at previous fix
|
- another shot at previous fix
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user