rpms/openldap
5
0
Fork 0
Code Issues Pull Requests Releases Activity

fix: reading pin from file can make all TLS connections hang

Browse Source 
Resolves: #829317
This commit is contained in:
Jan Vcelak 2012-06-27 13:48:40 +02:00
parent 0cda8087e0
commit fe1c1e0eeb
2 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
openldap-nss-clean-memory-for-token-pin.patch Normal file
View File

@ -0,0 +1,31 @@
MozNSS: read pin from file file can cause infinite loop
The buffer allocated for reading password file has to be initialized
with zeros, or we need to append zero at the end of the file. Otherwise
we might read unitialized memory and consider it to be a password.
Author: Jan Vcelak <jvcelak@redhat.com>
Upstream ITS: #7291
Upstream commit: 00d0e162720b8cf03b9e5428892158f0768db9a6
Resolves: #829317
---
libraries/libldap/tls_m.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
index d71fec7..2e755eb 100644
--- a/libraries/libldap/tls_m.c
+++ b/libraries/libldap/tls_m.c
@@ -786,7 +786,7 @@ tlsm_get_pin_from_file(const char *token_name, tlsm_ctx *ctx)
}
/* create a buffer to hold the file contents */
- if ( !( contents = PR_MALLOC( file_info.size + 1 ) ) ) {
+ if ( !( contents = PR_CALLOC( file_info.size + 1 ) ) ) {
PRErrorCode errcode = PR_GetError();
Debug( LDAP_DEBUG_ANY,
"TLS: could not alloc a buffer for contents of pin file %s - error %d:%s.\n",
--
1.7.10.4

3
openldap.spec
View File

@ -42,6 +42,7 @@ Patch10: openldap-man-sasl-nocanon.patch
Patch11: openldap-nss-allow-ca-dbdir-pemfile.patch Patch11: openldap-nss-allow-ca-dbdir-pemfile.patch
Patch12: openldap-tls-unbind-shutdown-order.patch Patch12: openldap-tls-unbind-shutdown-order.patch
Patch13: openldap-nss-dont-overwrite-verify-cert-error.patch Patch13: openldap-nss-dont-overwrite-verify-cert-error.patch
Patch14: openldap-nss-clean-memory-for-token-pin.patch
# Fedora specific patches # Fedora specific patches
Patch100: openldap-fedora-systemd.patch Patch100: openldap-fedora-systemd.patch
@ -151,6 +152,7 @@ pushd openldap-%{version}
%patch11 -p1 %patch11 -p1
%patch12 -p1 %patch12 -p1
%patch13 -p1 %patch13 -p1
%patch14 -p1
%patch100 -p1 %patch100 -p1
@ -666,6 +668,7 @@ exit 0
- update fix: count constraint broken when using multiple modifications (#795766) - update fix: count constraint broken when using multiple modifications (#795766)
- fix: invalid order of TLS shutdown operations (#808464) - fix: invalid order of TLS shutdown operations (#808464)
- fix: TLS error messages overwriting in tlsm_verify_cert() (#810462) - fix: TLS error messages overwriting in tlsm_verify_cert() (#810462)
- fix: reading pin from file can make all TLS connections hang (#829317)
* Fri May 18 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.31-2 * Fri May 18 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.31-2
- fix: nss-tools package is required by the base package, not the server subpackage - fix: nss-tools package is required by the base package, not the server subpackage