parent
eae5b16c69
commit
62f1c6f935
44
openldap-2.3.27-ber-decode.patch
Normal file
44
openldap-2.3.27-ber-decode.patch
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
453637, 453638, 453639, 453640,453444: CVE-2008-2952 OpenLDAP denial-of-service
|
||||||
|
flaw in ASN.1 decoder
|
||||||
|
|
||||||
|
Source: upstream, cvs diff -r 1.120 -r 1.122 libraries/liblber/io.c
|
||||||
|
|
||||||
|
Index: libraries/liblber/io.c
|
||||||
|
===================================================================
|
||||||
|
RCS file: /repo/OpenLDAP/pkg/ldap/libraries/liblber/io.c,v
|
||||||
|
retrieving revision 1.120
|
||||||
|
retrieving revision 1.122
|
||||||
|
diff -u -r1.120 -r1.122
|
||||||
|
--- libraries/liblber/io.c 7 Jan 2008 23:20:03 -0000 1.120
|
||||||
|
+++ libraries/liblber/io.c 1 Jul 2008 23:33:15 -0000 1.122
|
||||||
|
@@ -522,14 +522,18 @@
|
||||||
|
}
|
||||||
|
|
||||||
|
while (ber->ber_rwptr > (char *)&ber->ber_tag && ber->ber_rwptr <
|
||||||
|
- (char *)&ber->ber_len + LENSIZE*2 -1) {
|
||||||
|
+ (char *)&ber->ber_len + LENSIZE*2) {
|
||||||
|
ber_slen_t sblen;
|
||||||
|
char buf[sizeof(ber->ber_len)-1];
|
||||||
|
ber_len_t tlen = 0;
|
||||||
|
|
||||||
|
+ /* The tag & len can be at most 9 bytes; we try to read up to 8 here */
|
||||||
|
sock_errset(0);
|
||||||
|
- sblen=ber_int_sb_read( sb, ber->ber_rwptr,
|
||||||
|
- ((char *)&ber->ber_len + LENSIZE*2 - 1)-ber->ber_rwptr);
|
||||||
|
+ sblen=((char *)&ber->ber_len + LENSIZE*2 - 1)-ber->ber_rwptr;
|
||||||
|
+ /* Trying to read the last len byte of a 9 byte tag+len */
|
||||||
|
+ if (sblen<1)
|
||||||
|
+ sblen = 1;
|
||||||
|
+ sblen=ber_int_sb_read( sb, ber->ber_rwptr, sblen );
|
||||||
|
if (sblen<=0) return LBER_DEFAULT;
|
||||||
|
ber->ber_rwptr += sblen;
|
||||||
|
|
||||||
|
@@ -579,7 +583,7 @@
|
||||||
|
int i;
|
||||||
|
unsigned char *p = (unsigned char *)ber->ber_ptr;
|
||||||
|
int llen = *p++ & 0x7f;
|
||||||
|
- if (llen > (int)sizeof(ber_len_t)) {
|
||||||
|
+ if (llen > LENSIZE) {
|
||||||
|
sock_errset(ERANGE);
|
||||||
|
return LBER_DEFAULT;
|
||||||
|
}
|
@ -11,7 +11,7 @@
|
|||||||
Summary: The configuration files, libraries, and documentation for OpenLDAP
|
Summary: The configuration files, libraries, and documentation for OpenLDAP
|
||||||
Name: openldap
|
Name: openldap
|
||||||
Version: %{version}
|
Version: %{version}
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
License: OpenLDAP
|
License: OpenLDAP
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz
|
Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz
|
||||||
@ -34,6 +34,7 @@ Patch5: openldap-2.4.6-nosql.patch
|
|||||||
Patch6: openldap-2.3.19-gethostbyXXXX_r.patch
|
Patch6: openldap-2.3.19-gethostbyXXXX_r.patch
|
||||||
Patch9: openldap-2.3.37-smbk5pwd.patch
|
Patch9: openldap-2.3.37-smbk5pwd.patch
|
||||||
Patch10: openldap-2.4.6-multilib.patch
|
Patch10: openldap-2.4.6-multilib.patch
|
||||||
|
Patch11: openldap-2.3.27-ber-decode.patch
|
||||||
|
|
||||||
# Patches for the evolution library
|
# Patches for the evolution library
|
||||||
Patch200: openldap-2.4.6-evolution-ntlm.patch
|
Patch200: openldap-2.4.6-evolution-ntlm.patch
|
||||||
@ -131,6 +132,7 @@ pushd openldap-%{version}
|
|||||||
%patch6 -p1 -b .gethostbyname_r
|
%patch6 -p1 -b .gethostbyname_r
|
||||||
%patch9 -p1 -b .smbk5pwd
|
%patch9 -p1 -b .smbk5pwd
|
||||||
%patch10 -p1 -b .multilib
|
%patch10 -p1 -b .multilib
|
||||||
|
%patch11 -p0 -b .ber-decode
|
||||||
|
|
||||||
cp %{_datadir}/libtool/config.{sub,guess} build/
|
cp %{_datadir}/libtool/config.{sub,guess} build/
|
||||||
popd
|
popd
|
||||||
@ -597,6 +599,9 @@ fi
|
|||||||
%attr(0644,root,root) %{evolution_connector_libdir}/*.a
|
%attr(0644,root,root) %{evolution_connector_libdir}/*.a
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jul 2 2008 Jan Safranek <jsafranek@redhat.com> 2.4.10-2
|
||||||
|
- fix CVE-2008-2952 (#453728)
|
||||||
|
|
||||||
* Thu Jun 12 2008 Jan Safranek <jsafranek@redhat.com> 2.4.10-1
|
* Thu Jun 12 2008 Jan Safranek <jsafranek@redhat.com> 2.4.10-1
|
||||||
- new upstream release
|
- new upstream release
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user