fix: reading pin from file can make all TLS connections hang
Resolves: #829317
This commit is contained in:
Jan Vcelak
parent
0cda8087e0
commit
fe1c1e0eeb
31
openldap-nss-clean-memory-for-token-pin.patch
Normal file
31
openldap-nss-clean-memory-for-token-pin.patch
Normal file
@ -0,0 +1,31 @@
|
||||
MozNSS: read pin from file file can cause infinite loop
|
||||
|
||||
The buffer allocated for reading password file has to be initialized
|
||||
with zeros, or we need to append zero at the end of the file. Otherwise
|
||||
we might read unitialized memory and consider it to be a password.
|
||||
|
||||
Author: Jan Vcelak <jvcelak@redhat.com>
|
||||
Upstream ITS: #7291
|
||||
Upstream commit: 00d0e162720b8cf03b9e5428892158f0768db9a6
|
||||
Resolves: #829317
|
||||
|
||||
---
|
||||
libraries/libldap/tls_m.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
|
||||
index d71fec7..2e755eb 100644
|
||||
--- a/libraries/libldap/tls_m.c
|
||||
+++ b/libraries/libldap/tls_m.c
|
||||
@@ -786,7 +786,7 @@ tlsm_get_pin_from_file(const char *token_name, tlsm_ctx *ctx)
|
||||
}
|
||||
|
||||
/* create a buffer to hold the file contents */
|
||||
- if ( !( contents = PR_MALLOC( file_info.size + 1 ) ) ) {
|
||||
+ if ( !( contents = PR_CALLOC( file_info.size + 1 ) ) ) {
|
||||
PRErrorCode errcode = PR_GetError();
|
||||
Debug( LDAP_DEBUG_ANY,
|
||||
"TLS: could not alloc a buffer for contents of pin file %s - error %d:%s.\n",
|
||||
--
|
||||
1.7.10.4
|
||||
|
||||
@ -42,6 +42,7 @@ Patch10: openldap-man-sasl-nocanon.patch
|
||||
Patch11: openldap-nss-allow-ca-dbdir-pemfile.patch
|
||||
Patch12: openldap-tls-unbind-shutdown-order.patch
|
||||
Patch13: openldap-nss-dont-overwrite-verify-cert-error.patch
|
||||
Patch14: openldap-nss-clean-memory-for-token-pin.patch
|
||||
|
||||
# Fedora specific patches
|
||||
Patch100: openldap-fedora-systemd.patch
|
||||
@ -151,6 +152,7 @@ pushd openldap-%{version}
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
%patch13 -p1
|
||||
%patch14 -p1
|
||||
|
||||
%patch100 -p1
|
||||
|
||||
@ -666,6 +668,7 @@ exit 0
|
||||
- update fix: count constraint broken when using multiple modifications (#795766)
|
||||
- fix: invalid order of TLS shutdown operations (#808464)
|
||||
- fix: TLS error messages overwriting in tlsm_verify_cert() (#810462)
|
||||
- fix: reading pin from file can make all TLS connections hang (#829317)
|
||||
|
||||
* Fri May 18 2012 Jan Vcelak <jvcelak@redhat.com> 2.4.31-2
|
||||
- fix: nss-tools package is required by the base package, not the server subpackage
|
||||
|
||||
Loading…
Reference in New Issue
Block a user