packages/openldap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!92 [sync] PR-91: fix cve-2023-2953

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @zengwefeng 
Signed-off-by: @zengwefeng
This commit is contained in:
openeuler-ci-bot 2023-06-25 11:21:00 +00:00 committed by Gitee
commit 4b26f130b9
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 79 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
backport-ITS-9904-check-for-strdup-failure.patch Normal file
View File

@ -0,0 +1,70 @@
From 3f2abd0b2eeec8522e50d5c4ea4992e70e8f9915 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Thu, 25 Aug 2022 16:13:21 +0100
Subject: [PATCH] ITS#9904 ldap_url_parsehosts: check for strdup failure
Avoid unnecessary strdup in IPv6 addr parsing, check for strdup
failure when dup'ing scheme.
Code present since 2000, 8da110a9e726dbc612b302feafe0109271e6bc59
---
libraries/libldap/url.c | 21 ++++++++++++---------
1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/libraries/libldap/url.c b/libraries/libldap/url.c
index 7e56564265..8df0abd044 100644
--- a/libraries/libldap/url.c
+++ b/libraries/libldap/url.c
@@ -1386,24 +1386,22 @@ ldap_url_parsehosts(
}
ludp->lud_port = port;
ludp->lud_host = specs[i];
- specs[i] = NULL;
p = strchr(ludp->lud_host, ':');
if (p != NULL) {
/* more than one :, IPv6 address */
if ( strchr(p+1, ':') != NULL ) {
/* allow [address] and [address]:port */
if ( *ludp->lud_host == '[' ) {
- p = LDAP_STRDUP(ludp->lud_host+1);
- /* copied, make sure we free source later */
- specs[i] = ludp->lud_host;
- ludp->lud_host = p;
- p = strchr( ludp->lud_host, ']' );
+ p = strchr( ludp->lud_host+1, ']' );
if ( p == NULL ) {
LDAP_FREE(ludp);
ldap_charray_free(specs);
return LDAP_PARAM_ERROR;
}
- *p++ = '\0';
+ /* Truncate trailing ']' and shift hostname down 1 char */
+ *p = '\0';
+ AC_MEMCPY( ludp->lud_host, ludp->lud_host+1, p - ludp->lud_host );
+ p++;
if ( *p != ':' ) {
if ( *p != '\0' ) {
LDAP_FREE(ludp);
@@ -1429,14 +1427,19 @@ ldap_url_parsehosts(
}
}
}
- ldap_pvt_hex_unescape(ludp->lud_host);
ludp->lud_scheme = LDAP_STRDUP("ldap");
+ if ( ludp->lud_scheme == NULL ) {
+ LDAP_FREE(ludp);
+ ldap_charray_free(specs);
+ return LDAP_NO_MEMORY;
+ }
+ specs[i] = NULL;
+ ldap_pvt_hex_unescape(ludp->lud_host);
ludp->lud_next = *ludlist;
*ludlist = ludp;
}
/* this should be an array of NULLs now */
- /* except entries starting with [ */
ldap_charray_free(specs);
return LDAP_SUCCESS;
}
--

10
openldap.spec
View File

@ -2,7 +2,7 @@
Name: openldap
Version: 2.6.0
Release: 5
Release: 6
Summary: LDAP support libraries
License: OpenLDAP
URL: https://www.openldap.org/
@ -65,6 +65,7 @@ Patch6034: backport-ITS-9876-Some-more-leaks-plugged.patch
Patch6035: backport-ITS-9882-bind-fix-9863-commit-use-correct-op-backend.patch
Patch6036: backport-ITS-9898-tests-fix-slapd-addel-non-std-syntax.patch
Patch6037: backport-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch
Patch6038: backport-ITS-9904-check-for-strdup-failure.patch
BuildRequires: cyrus-sasl-devel openssl-devel krb5-devel unixODBC-devel
@ -179,6 +180,7 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi
%patch6035 -p1
%patch6036 -p1
%patch6037 -p1
%patch6038 -p1
ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd
@ -465,6 +467,12 @@ popd
%doc ltb-project-openldap-ppolicy-check-password-1.1/README.check_pwd
%changelog
* Wed Jun 7 2023 zhujunhao <zhujunhao11@huawei.com> - 2.6.0-6
- Type:cve
- CVE:cve-2023-2953
- SUG:restart
- DESC:fix cve-2023-2953
* Tue Feb 28 2023 zhujunhao <zhujunhao11@huawei.com> - 2.6.0-5
- Type:bugfix
- ID:NA