rpms/openldap
6
0
Fork 0
Code Issues Pull Requests Releases Activity

fix: memleak in tlsm_auth_cert_handler

Browse Source 
Resolves: #717730
This commit is contained in:
Jan Vcelak 2011-07-20 16:30:37 +02:00
parent 583cde50ed
commit c90fe38088
2 changed files with 31 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
openldap-nss-free-peer-cert.patch Normal file
View File

@ -0,0 +1,28 @@
memleak in tlsm_auth_cert_handler
In tlsm_auth_cert_handler, we get the peer's cert from the socket using
SSL_PeerCertificate. This value is allocated and/or cached. We must
destroy it using CERT_DestroyCertificate.
Author: Rich Megginson <rmeggins@redhat.com>
Upstream ITS: #6980
Upstream commit: d944920
Resolves: #717730
diff -uNPrp openldap-2.4.23/libraries/libldap/tls_m.c openldap-2.4.23.fix/libraries/libldap/tls_m.c
--- openldap-2.4.23/libraries/libldap/tls_m.c 2011-07-18 15:54:03.719226863 +0200
+++ openldap-2.4.23.fix/libraries/libldap/tls_m.c 2011-07-18 16:02:59.284531374 +0200
@@ -1034,10 +1034,12 @@ tlsm_auth_cert_handler(void *arg, PRFile
{
SECCertificateUsage certUsage = isServer ? certificateUsageSSLClient : certificateUsageSSLServer;
SECStatus ret = SECSuccess;
+ CERTCertificate *peercert = SSL_PeerCertificate( fd );
- ret = tlsm_verify_cert( (CERTCertDBHandle *)arg, SSL_PeerCertificate( fd ),
+ ret = tlsm_verify_cert( (CERTCertDBHandle *)arg, peercert,
SSL_RevealPinArg( fd ),
checksig, certUsage, 0 );
+ CERT_DestroyCertificate( peercert );
return ret;
}

3
openldap.spec
View File

@ -26,6 +26,7 @@ Patch3: openldap-reentrant-gethostby.patch
Patch4: openldap-smbk5pwd-overlay.patch Patch4: openldap-smbk5pwd-overlay.patch
Patch5: openldap-ldaprc-currentdir.patch Patch5: openldap-ldaprc-currentdir.patch
Patch6: openldap-userconfig-setgid.patch Patch6: openldap-userconfig-setgid.patch
Patch7: openldap-nss-free-peer-cert.patch
# patches for the evolution library (see README.evolution) # patches for the evolution library (see README.evolution)
Patch200: openldap-evolution-ntlm.patch Patch200: openldap-evolution-ntlm.patch
@ -125,6 +126,7 @@ pushd openldap-%{version}
%patch4 -p1 -b .smbk5pwd-overlay %patch4 -p1 -b .smbk5pwd-overlay
%patch5 -p1 -b .ldaprc-currentdir %patch5 -p1 -b .ldaprc-currentdir
%patch6 -p1 -b .userconfig-setgid %patch6 -p1 -b .userconfig-setgid
%patch7 -p1 -b .nss-free-peer-cert
cp %{_datadir}/libtool/config/config.{sub,guess} build/ cp %{_datadir}/libtool/config/config.{sub,guess} build/
@ -649,6 +651,7 @@ exit 0
%changelog %changelog
* Wed Jul 20 2011 Jan Vcelak <jvcelak@redhat.com> 2.4.26-1 * Wed Jul 20 2011 Jan Vcelak <jvcelak@redhat.com> 2.4.26-1
- rebase to new upstream release - rebase to new upstream release
- fix: memleak in tlsm_auth_cert_handler (#717730)
* Mon Jun 27 2011 Jan Vcelak <jvcelak@redhat.com> 2.4.25-1 * Mon Jun 27 2011 Jan Vcelak <jvcelak@redhat.com> 2.4.25-1
- rebase to new upstream release - rebase to new upstream release