34 lines
1.0 KiB
Diff
34 lines
1.0 KiB
Diff
From 2f2b7ecd9d6a0f5044c24e4f96464942a1d873db Mon Sep 17 00:00:00 2001
|
|
From: Alexander Bokovoy <abokovoy@redhat.com>
|
|
Date: Wed, 7 Apr 2021 14:40:52 +0300
|
|
Subject: [PATCH] CVE-2021-3480: invalid bind DN crash
|
|
|
|
For certain LDAP bind operations 389-ds would pass unvalidated bind DN
|
|
to bind plugins. A first attempt to normalize the DN would find that out
|
|
and should reject the request.
|
|
|
|
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
|
|
---
|
|
src/back-sch.c | 5 +++++
|
|
1 file changed, 5 insertions(+)
|
|
|
|
diff --git a/src/back-sch.c b/src/back-sch.c
|
|
index a5e4c04..d806627 100644
|
|
--- a/src/back-sch.c
|
|
+++ b/src/back-sch.c
|
|
@@ -1988,6 +1988,11 @@ backend_locate_cb(const char *group, const char *set, bool_t flag,
|
|
rdn = slapi_rdn_new_sdn(cbdata->target_dn);
|
|
if (rdn != NULL) {
|
|
rdnstr = slapi_rdn_get_nrdn(rdn);
|
|
+ if (rdnstr == NULL) {
|
|
+ /* normalizing RDN failed, break the search */
|
|
+ slapi_rdn_free(&rdn);
|
|
+ return FALSE;
|
|
+ }
|
|
if (map_match(cbdata->state, group, set, &flag,
|
|
strlen(rdnstr), rdnstr,
|
|
&ndnlen, &ndn,
|
|
--
|
|
2.31.1
|
|
|