slapi-nis/SOURCES/cve-2021-3480-fix.patch

34 lines
1.0 KiB
Diff

From 2f2b7ecd9d6a0f5044c24e4f96464942a1d873db Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Wed, 7 Apr 2021 14:40:52 +0300
Subject: [PATCH] CVE-2021-3480: invalid bind DN crash
For certain LDAP bind operations 389-ds would pass unvalidated bind DN
to bind plugins. A first attempt to normalize the DN would find that out
and should reject the request.
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
src/back-sch.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/back-sch.c b/src/back-sch.c
index a5e4c04..d806627 100644
--- a/src/back-sch.c
+++ b/src/back-sch.c
@@ -1988,6 +1988,11 @@ backend_locate_cb(const char *group, const char *set, bool_t flag,
rdn = slapi_rdn_new_sdn(cbdata->target_dn);
if (rdn != NULL) {
rdnstr = slapi_rdn_get_nrdn(rdn);
+ if (rdnstr == NULL) {
+ /* normalizing RDN failed, break the search */
+ slapi_rdn_free(&rdn);
+ return FALSE;
+ }
if (map_match(cbdata->state, group, set, &flag,
strlen(rdnstr), rdnstr,
&ndnlen, &ndn,
--
2.31.1