[openldap/f16] fix: slapd segfaults when PEM certificate is used and key is not set

jvcelak jvcelak at fedoraproject.org
Tue Jan 31 17:35:39 UTC 2012


commit 6fadcc15ce545a638f44ce3e3d350ff45ccb6060
Author: Jan Vcelak <jvcelak at redhat.com>
Date:   Tue Jan 31 18:11:36 2012 +0100

    fix: slapd segfaults when PEM certificate is used and key is not set
    
    Resolves: #772890

 openldap-nss-segfault-key-not-set.patch |   22 ++++++++++++++++++++++
 openldap.spec                           |    3 +++
 2 files changed, 25 insertions(+), 0 deletions(-)
---
diff --git a/openldap-nss-segfault-key-not-set.patch b/openldap-nss-segfault-key-not-set.patch
new file mode 100644
index 0000000..5511225
--- /dev/null
+++ b/openldap-nss-segfault-key-not-set.patch
@@ -0,0 +1,22 @@
+MozNSS + PEM: fix segfault when TLS certificate key is not set
+
+Upstream ITS: #7135
+Upstream commit: 1107103dd7e767db9c080b3276cb6e742fcf36a1
+Resolves: #772890
+Author: Jan Vcelak <jvcelak at redhat.com>
+
+diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
+index 09348b7..da230c5 100644
+--- a/libraries/libldap/tls_m.c
++++ b/libraries/libldap/tls_m.c
+@@ -2267,8 +2267,8 @@ tlsm_deferred_ctx_init( void *arg )
+ 		}
+ 	} else { /* set up secure server */
+ 		SSLKEAType certKEA;
+-		CERTCertificate *serverCert;
+-		SECKEYPrivateKey *serverKey;
++		CERTCertificate *serverCert = NULL;
++		SECKEYPrivateKey *serverKey = NULL;
+ 		SECStatus status;
+ 
+ 		/* must have a certificate for the server to use */
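Review bot: The NULL initialisers on `serverCert` and `serverKey` in the embedded tls_m.c hunk carry no comment, and they only remove the segfault if every later use and release of the two pointers tolerates NULL. The hunk shows just the declarations, and the rest of `tlsm_deferred_ctx_init` lies outside it, so that cannot be confirmed from here. I would document the intent at the declarations, for example `/* NULL so a failed cert/key lookup never leaves an indeterminate pointer for the error path to release */`. It is also worth checking that a configuration with a PEM certificate but no key is rejected with a clear diagnostic, in the same way as the existing "must have a certificate" check, rather than relying on a NULL key being handled further down. Reading or freeing an uninitialised stack pointer is memory corruption rather than only a crash, so a regression test that starts the server with the key option unset would help keep this path covered.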
diff --git a/openldap.spec b/openldap.spec
index 50468e3..4aaef84 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -43,6 +43,7 @@ Patch17: openldap-man-ldap-sync.patch
 Patch18: openldap-nss-handshake-threadsafe.patch
 Patch19: openldap-syncrepl-unset-tls-options.patch
 Patch20: openldap-nss-deferred-init-copy-params.patch
+Patch21: openldap-nss-segfault-key-not-set.patch
 
 # patches for the evolution library (see README.evolution)
 Patch200: openldap-evolution-ntlm.patch
@@ -156,6 +157,7 @@ pushd openldap-%{version}
 %patch18 -p1 -b .nss-handshake-threadsafe
 %patch19 -p1 -b .syncrepl-unset-tls-options
 %patch20 -p1 -b .nss-deferred-init-copy-params
+%patch21 -p1 -b .nss-segfault-key-not-set
 
 cp %{_datadir}/libtool/config/config.{sub,guess} build/
 
@@ -684,6 +686,7 @@ exit 0
 * Tue Jan 31 2012 Jan Vcelak <jvcelak at redhat.com> 2.4.26-6
 - fix requires of main package to include %{?_isa}
 - fix: replication (syncrepl) with TLS causes segfault (#783431)
+- fix: slapd segfaults when PEM certificate is used and key is not set (#772890)
 
 * Thu Oct 06 2011 Jan Vcelak <jvcelak at redhat.com> 2.4.26-5
 - rebuild: openldap does not work after libdb rebase (#743824)

