[openldap] fix: slapd segfaults when PEM certificate is used and key is not set

jvcelak jvcelak at fedoraproject.org
Tue Jan 31 17:20:02 UTC 2012 

commit 65b981d99ee4a4d557fce71b551faba9799ba697
Author: Jan Vcelak <jvcelak at redhat.com>
Date:   Tue Jan 31 18:11:36 2012 +0100

    fix: slapd segfaults when PEM certificate is used and key is not set
    
    Resolves: #772890

 openldap-nss-segfault-key-not-set.patch |   22 ++++++++++++++++++++++
 openldap.spec                           |    3 +++
 2 files changed, 25 insertions(+), 0 deletions(-)
---
diff --git a/openldap-nss-segfault-key-not-set.patch b/openldap-nss-segfault-key-not-set.patch
new file mode 100644
index 0000000..5511225
--- /dev/null
+++ b/openldap-nss-segfault-key-not-set.patch
@@ -0,0 +1,22 @@
+MozNSS + PEM: fix segfault when TLS certificate key is not set
+
+Upstream ITS: #7135
+Upstream commit: 1107103dd7e767db9c080b3276cb6e742fcf36a1
+Resolves: #772890
+Author: Jan Vcelak <jvcelak at redhat.com>
+
+diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
+index 09348b7..da230c5 100644
+--- a/libraries/libldap/tls_m.c
++++ b/libraries/libldap/tls_m.c
+@@ -2267,8 +2267,8 @@ tlsm_deferred_ctx_init( void *arg )
+ 		}
+ 	} else { /* set up secure server */
+ 		SSLKEAType certKEA;
+-		CERTCertificate *serverCert;
+-		SECKEYPrivateKey *serverKey;
++		CERTCertificate *serverCert = NULL;
++		SECKEYPrivateKey *serverKey = NULL;
+ 		SECStatus status;
+ 
+ 		/* must have a certificate for the server to use */
diff --git a/openldap.spec b/openldap.spec
index 72759e6..ed3d1c2 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -34,6 +34,7 @@ Patch6: openldap-userconfig-setgid.patch
 Patch7: openldap-dns-priority.patch
 Patch8: openldap-syncrepl-unset-tls-options.patch
 Patch9: openldap-nss-deferred-init-copy-params.patch
+Patch10: openldap-nss-segfault-key-not-set.patch
 
 # Fedora specific patches
 Patch100: openldap-fedora-systemd.patch
@@ -136,6 +137,7 @@ pushd openldap-%{version}
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
+%patch10 -p1
 
 %patch100 -p1
 
@@ -653,6 +655,7 @@ exit 0
 %changelog
 * Tue Jan 31 2012 Jan Vcelak <jvcelak at redhat.com> 2.4.28-3
 - fix: replication (syncrepl) with TLS causes segfault (#783431)
+- fix: slapd segfaults when PEM certificate is used and key is not set (#772890)
 
 * Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.4.28-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

More information about the scm-commits mailing list