rpms/openldap/devel openldap-2.3.27-ber-decode.patch, NONE, 1.1 openldap.spec, 1.126, 1.127
Jan Šafránek (jsafrane)
fedora-extras-commits at redhat.com
Wed Jul 2 10:05:20 UTC 2008
- Previous message: rpms/xenner/devel .cvsignore, 1.13, 1.14 sources, 1.12, 1.13 xenner.spec, 1.20, 1.21
- Next message: rpms/openldap/F-9 openldap-2.3.27-ber-decode.patch, NONE, 1.1 openldap.spec, 1.123, 1.124
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: jsafrane
Update of /cvs/pkgs/rpms/openldap/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12992
Modified Files:
openldap.spec
Added Files:
openldap-2.3.27-ber-decode.patch
Log Message:
fix CVE-2008-2952
Resolves: #453728
openldap-2.3.27-ber-decode.patch:
--- NEW FILE openldap-2.3.27-ber-decode.patch ---
453637, 453638, 453639, 453640,453444: CVE-2008-2952 OpenLDAP denial-of-service
flaw in ASN.1 decoder
Source: upstream, cvs diff -r 1.120 -r 1.122 libraries/liblber/io.c
Index: libraries/liblber/io.c
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/libraries/liblber/io.c,v
retrieving revision 1.120
retrieving revision 1.122
diff -u -r1.120 -r1.122
--- libraries/liblber/io.c 7 Jan 2008 23:20:03 -0000 1.120
+++ libraries/liblber/io.c 1 Jul 2008 23:33:15 -0000 1.122
@@ -522,14 +522,18 @@
}
while (ber->ber_rwptr > (char *)&ber->ber_tag && ber->ber_rwptr <
- (char *)&ber->ber_len + LENSIZE*2 -1) {
+ (char *)&ber->ber_len + LENSIZE*2) {
ber_slen_t sblen;
char buf[sizeof(ber->ber_len)-1];
ber_len_t tlen = 0;
+ /* The tag & len can be at most 9 bytes; we try to read up to 8 here */
sock_errset(0);
- sblen=ber_int_sb_read( sb, ber->ber_rwptr,
- ((char *)&ber->ber_len + LENSIZE*2 - 1)-ber->ber_rwptr);
+ sblen=((char *)&ber->ber_len + LENSIZE*2 - 1)-ber->ber_rwptr;
+ /* Trying to read the last len byte of a 9 byte tag+len */
+ if (sblen<1)
+ sblen = 1;
+ sblen=ber_int_sb_read( sb, ber->ber_rwptr, sblen );
if (sblen<=0) return LBER_DEFAULT;
ber->ber_rwptr += sblen;
@@ -579,7 +583,7 @@
int i;
unsigned char *p = (unsigned char *)ber->ber_ptr;
int llen = *p++ & 0x7f;
- if (llen > (int)sizeof(ber_len_t)) {
+ if (llen > LENSIZE) {
sock_errset(ERANGE);
return LBER_DEFAULT;
}
Index: openldap.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openldap/devel/openldap.spec,v
retrieving revision 1.126
retrieving revision 1.127
diff -u -r1.126 -r1.127
--- openldap.spec 12 Jun 2008 07:42:29 -0000 1.126
+++ openldap.spec 2 Jul 2008 10:04:30 -0000 1.127
@@ -11,7 +11,7 @@
Summary: The configuration files, libraries, and documentation for OpenLDAP
Name: openldap
Version: %{version}
-Release: 1%{?dist}
+Release: 2%{?dist}
License: OpenLDAP
Group: System Environment/Daemons
Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz
@@ -34,6 +34,7 @@
Patch6: openldap-2.3.19-gethostbyXXXX_r.patch
Patch9: openldap-2.3.37-smbk5pwd.patch
Patch10: openldap-2.4.6-multilib.patch
+Patch11: openldap-2.3.27-ber-decode.patch
# Patches for the evolution library
Patch200: openldap-2.4.6-evolution-ntlm.patch
@@ -131,6 +132,7 @@
%patch6 -p1 -b .gethostbyname_r
%patch9 -p1 -b .smbk5pwd
%patch10 -p1 -b .multilib
+%patch11 -p0 -b .ber-decode
cp %{_datadir}/libtool/config.{sub,guess} build/
popd
@@ -597,6 +599,9 @@
%attr(0644,root,root) %{evolution_connector_libdir}/*.a
%changelog
+* Wed Jul 2 2008 Jan Safranek <jsafranek at redhat.com> 2.4.10-2
+- fix CVE-2008-2952 (#453728)
+
* Thu Jun 12 2008 Jan Safranek <jsafranek at redhat.com> 2.4.10-1
- new upstream release
- Previous message: rpms/xenner/devel .cvsignore, 1.13, 1.14 sources, 1.12, 1.13 xenner.spec, 1.20, 1.21
- Next message: rpms/openldap/F-9 openldap-2.3.27-ber-decode.patch, NONE, 1.1 openldap.spec, 1.123, 1.124
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list