Jan Vcelak
parent
25e27999de
commit
356af46ea6
55
openldap-cve-onebyte-buffer-overflow.patch
Normal file
55
openldap-cve-onebyte-buffer-overflow.patch
Normal file
@ -0,0 +1,55 @@
|
||||
one-byte buffer overflow in slapd
|
||||
|
||||
Resolves: #749324 (CVE-2011-4079)
|
||||
Upstream ITS: #7059
|
||||
Upstream commits: d0dd861 5072387
|
||||
Author: Howard Chu <hyc@openldap.org>
|
||||
|
||||
diff -u
|
||||
--- a/servers/slapd/schema_init.c
|
||||
+++ b/servers/slapd/schema_init.c
|
||||
@@ -1852,12 +1852,12 @@ UTF8StringNormalize(
|
||||
}
|
||||
nvalue.bv_val[nvalue.bv_len] = '\0';
|
||||
|
||||
- } else {
|
||||
+ } else if ( tmp.bv_len ) {
|
||||
/* string of all spaces is treated as one space */
|
||||
nvalue.bv_val[0] = ' ';
|
||||
nvalue.bv_val[1] = '\0';
|
||||
nvalue.bv_len = 1;
|
||||
- }
|
||||
+ } /* should never be entered with 0-length val */
|
||||
|
||||
*normalized = nvalue;
|
||||
return LDAP_SUCCESS;
|
||||
@@ -2331,13 +2331,18 @@ postalAddressNormalize(
|
||||
}
|
||||
lines[l].bv_len = &val->bv_val[c] - lines[l].bv_val;
|
||||
|
||||
- normalized->bv_len = l;
|
||||
+ normalized->bv_len = c = l;
|
||||
|
||||
- for ( l = 0; !BER_BVISNULL( &lines[l] ); l++ ) {
|
||||
+ for ( l = 0; l <= c; l++ ) {
|
||||
/* NOTE: we directly normalize each line,
|
||||
* without unescaping the values, since the special
|
||||
* values '\24' ('$') and '\5C' ('\') are not affected
|
||||
* by normalization */
|
||||
+ if ( !lines[l].bv_len ) {
|
||||
+ nlines[l].bv_len = 0;
|
||||
+ nlines[l].bv_val = NULL;
|
||||
+ continue;
|
||||
+ }
|
||||
rc = UTF8StringNormalize( usage, NULL, xmr, &lines[l], &nlines[l], ctx );
|
||||
if ( rc != LDAP_SUCCESS ) {
|
||||
rc = LDAP_INVALID_SYNTAX;
|
||||
@@ -2350,7 +2355,7 @@ postalAddressNormalize(
|
||||
normalized->bv_val = slap_sl_malloc( normalized->bv_len + 1, ctx );
|
||||
|
||||
p = normalized->bv_val;
|
||||
- for ( l = 0; !BER_BVISNULL( &nlines[l] ); l++ ) {
|
||||
+ for ( l = 0; l <= c ; l++ ) {
|
||||
p = lutil_strbvcopy( p, &nlines[l] );
|
||||
*p++ = '$';
|
||||
}
|
||||
@ -43,6 +43,7 @@ Patch16: openldap-dns-priority.patch
|
||||
Patch17: openldap-man-ldap-sync.patch
|
||||
Patch18: openldap-nss-handshake-threadsafe.patch
|
||||
Patch19: openldap-syncrepl-unset-tls-options.patch
|
||||
Patch20: openldap-cve-onebyte-buffer-overflow.patch
|
||||
|
||||
# Fedora specific patches
|
||||
Patch100: openldap-fedora-systemd.patch
|
||||
@ -155,6 +156,7 @@ pushd openldap-%{version}
|
||||
%patch17 -p1 -b .man-ldap-sync
|
||||
%patch18 -p1 -b .nss-handshake-threadsafe
|
||||
%patch19 -p1 -b .syncrepl-unset-tls-options
|
||||
%patch20 -p1 -b .cve-onebyte-buffer-overflow
|
||||
|
||||
%patch100 -p1 -b .fedora-systemd
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user