rpms/openldap/F-12 openldap-2.4.19-modrdn-segfault.patch, NONE, 1.1 openldap.spec, 1.159, 1.160
jvcelak
jvcelak at fedoraproject.org
Tue Jul 20 17:17:23 UTC 2010
Author: jvcelak
Update of /cvs/pkgs/rpms/openldap/F-12
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv30338
Modified Files:
openldap.spec
Added Files:
openldap-2.4.19-modrdn-segfault.patch
Log Message:
CVE-2010-0211 openldap: modrdn processing uninitialized pointer free (#605448)
CVE-2010-0212 openldap: modrdn processing IA5StringNormalize NULL pointer dereference (#605452)
openldap-2.4.19-modrdn-segfault.patch:
dn.c | 11 ++++++-----
modrdn.c | 9 ++++++++-
schema_init.c | 3 ++-
3 files changed, 16 insertions(+), 7 deletions(-)
--- NEW FILE openldap-2.4.19-modrdn-segfault.patch ---
bz #605448 CVE-2010-0211 openldap: modrdn processing uninitialized pointer free
bz #605452 CVE-2010-0212 openldap: modrdn processing IA5StringNormalize NULL pointer dereference
diff -ru openldap-2.4.19.old/servers/slapd/dn.c openldap-2.4.19.new/servers/slapd/dn.c
--- openldap-2.4.19.old/servers/slapd/dn.c 2009-08-13 01:38:56.000000000 +0200
+++ openldap-2.4.19.new/servers/slapd/dn.c 2010-07-20 18:42:20.065806556 +0200
@@ -302,16 +302,13 @@
ava->la_attr = ad->ad_cname;
if( ava->la_flags & LDAP_AVA_BINARY ) {
- if( ava->la_value.bv_len == 0 ) {
- /* BER encoding is empty */
- return LDAP_INVALID_SYNTAX;
- }
+ /* AVA is binary encoded, not supported */
+ return LDAP_INVALID_SYNTAX;
/* Do not allow X-ORDERED 'VALUES' naming attributes */
} else if( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) {
return LDAP_INVALID_SYNTAX;
- /* AVA is binary encoded, don't muck with it */
} else if( flags & SLAP_LDAPDN_PRETTY ) {
transf = ad->ad_type->sat_syntax->ssyn_pretty;
if( !transf ) {
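Review bot: The new comment in the `LDAP_AVA_BINARY` branch says "not supported" but does not record that this is a behaviour change. The removed lines rejected only an empty BER value and otherwise left binary AVAs alone ("don't muck with it"), whereas the new code rejects every DN carrying one. I would spell that out so nobody restores the pass-through later: `/* AVA is binary (BER) encoded; these used to pass through without validation, so reject them outright */`. The enclosing function begins and ends outside this hunk.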
@@ -379,6 +376,10 @@
ava->la_value = bv;
ava->la_flags |= LDAP_AVA_FREE_VALUE;
}
+ /* reject empty values */
+ if (!ava->la_value.bv_len) {
+ return LDAP_INVALID_SYNTAX;
+ }
}
rc = LDAP_SUCCESS;
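Review bot: The added `if (!ava->la_value.bv_len)` check appears to run after the transformed value has been stored in `ava->la_value`, so it tests the result of the pretty/normalize step rather than the raw input, and the comment does not say that. If the ordering is deliberate, since it would also catch values that become empty only after transformation, state it: `/* reject values that are empty after pretty/normalize */`. As a style point, the file writes conditions as `if( ... )` and the removed code in the first hunk spelled the test `bv_len == 0`; matching that keeps the function uniform. The loop and function enclosing this check start outside the hunk.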
diff -ru openldap-2.4.19.old/servers/slapd/modrdn.c openldap-2.4.19.new/servers/slapd/modrdn.c
--- openldap-2.4.19.old/servers/slapd/modrdn.c 2009-01-22 01:01:01.000000000 +0100
+++ openldap-2.4.19.new/servers/slapd/modrdn.c 2010-07-20 18:42:20.065806556 +0200
@@ -445,12 +445,19 @@
mod_tmp->sml_values[1].bv_val = NULL;
if( desc->ad_type->sat_equality->smr_normalize) {
mod_tmp->sml_nvalues = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) );
- (void) (*desc->ad_type->sat_equality->smr_normalize)(
+ rs->sr_err = desc->ad_type->sat_equality->smr_normalize(
SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
desc->ad_type->sat_syntax,
desc->ad_type->sat_equality,
&mod_tmp->sml_values[0],
&mod_tmp->sml_nvalues[0], NULL );
+ if (rs->sr_err != LDAP_SUCCESS) {
+ ch_free(mod_tmp->sml_nvalues);
+ ch_free(mod_tmp->sml_values[0].bv_val);
+ ch_free(mod_tmp->sml_values);
+ ch_free(mod_tmp);
+ goto done;
+ }
mod_tmp->sml_nvalues[1].bv_val = NULL;
} else {
mod_tmp->sml_nvalues = NULL;
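Review bot: The failure path frees the `mod_tmp->sml_nvalues` array without touching `sml_nvalues[0]`, which is right only if a failed `smr_normalize` leaves the output berval unset. The array comes straight from `ch_malloc` and is presumably not zeroed, so that assumption deserves a comment above the `ch_free` calls: `/* normalize failed: sml_nvalues[0] was never filled in, release only the containers */`. The branch also reaches `done` with `rs->sr_err` set but no `rs->sr_text` assigned in the visible lines; consider setting a short diagnostic before the `goto` so logs show which RDN value was rejected. The `done` label and the allocation of `sml_values[0].bv_val` are outside this hunk, so the pairing of these frees could not be checked here.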
diff -ru openldap-2.4.19.old/servers/slapd/schema_init.c openldap-2.4.19.new/servers/slapd/schema_init.c
--- openldap-2.4.19.old/servers/slapd/schema_init.c 2009-08-13 02:35:54.000000000 +0200
+++ openldap-2.4.19.new/servers/slapd/schema_init.c 2010-07-20 18:42:20.069806353 +0200
@@ -1732,8 +1732,9 @@
? LDAP_UTF8_APPROX : 0;
val = UTF8bvnormalize( val, &tmp, flags, ctx );
+ /* out of memory or syntax error, the former is unlikely */
if( val == NULL ) {
- return LDAP_OTHER;
+ return LDAP_INVALID_SYNTAX;
}
/* collapse spaces (in place) */
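Review bot: Returning `LDAP_INVALID_SYNTAX` for every NULL from `UTF8bvnormalize` also reports an allocation failure to the client as a syntax error. The added comment concedes this but sits above the `if`, where it reads as a description of the call. I would move it inside the branch and state the trade-off: `/* NULL is either bad input or out of memory; report bad input so the request is rejected instead of failing with LDAP_OTHER */`. The enclosing function starts and ends outside the hunk.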
Index: openldap.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openldap/F-12/openldap.spec,v
retrieving revision 1.159
retrieving revision 1.160
diff -u -p -r1.159 -r1.160
--- openldap.spec 25 Jun 2010 22:34:11 -0000 1.159
+++ openldap.spec 20 Jul 2010 17:17:23 -0000 1.160
@@ -11,7 +11,7 @@
Summary: LDAP support libraries
Name: openldap
Version: %{version}
-Release: 5%{?dist}
+Release: 6%{?dist}
License: OpenLDAP
Group: System Environment/Daemons
Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz
@@ -37,6 +37,7 @@ Patch10: openldap-2.4.6-multilib.patch
Patch11: openldap-2.4.16-doc-cacertdir.patch
Patch12: openldap-2.4.19-tls-accept.patch
Patch13: openldap-2.4.19-dn2id-segfault.patch
+Patch14: openldap-2.4.19-modrdn-segfault.patch
# Patches for the evolution library
Patch200: openldap-2.4.6-evolution-ntlm.patch
@@ -134,6 +135,7 @@ pushd openldap-%{version}
%patch11 -p1 -b .cacertdir
%patch12 -p1 -b .tls-accept
%patch13 -p1 -b .segfault
+%patch14 -p1 -b .modrdn-segfault
cp %{_datadir}/libtool/config/config.{sub,guess} build/
popd
@@ -635,6 +637,10 @@ fi
%attr(0644,root,root) %{evolution_connector_libdir}/*.a
%changelog
+* Tue Jul 20 2010 Jan Vcelak <jvcelak at redhat.com> - 2.4.19-6
+- CVE-2010-0211 openldap: modrdn processing uninitialized pointer free (#605448)
+- CVE-2010-0212 openldap: modrdn processing IA5StringNormalize NULL pointer dereference (#605452)
+
* Fri Jun 25 2010 Jan Zeleny <jzeleny at redhat.com> - 2.4.19-5
- fixed regression caused by tls accept patch
- updated autofs schema (#587722)