Fix CVE-2024-1062
(cherry picked from commit 2cf6e672d52382e18131d0f076f1efd888fdfb5c)
This commit is contained in:
wk333
openeuler-sync-bot
parent
2cc8d77dea
commit
ecd8b8834a
@ -6,7 +6,7 @@ ExcludeArch: i686
|
|||||||
Name: 389-ds-base
|
Name: 389-ds-base
|
||||||
Summary: Base 389 Directory Server
|
Summary: Base 389 Directory Server
|
||||||
Version: 1.4.3.36
|
Version: 1.4.3.36
|
||||||
Release: 4
|
Release: 5
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
URL: https://www.port389.org
|
URL: https://www.port389.org
|
||||||
Source0: https://github.com/389ds/389-ds-base/archive/refs/tags/389-ds-base-%{version}.tar.gz
|
Source0: https://github.com/389ds/389-ds-base/archive/refs/tags/389-ds-base-%{version}.tar.gz
|
||||||
@ -16,6 +16,8 @@ Source3: https://github.com/jemalloc/jemalloc/releases/download/5.2.1/jema
|
|||||||
# Refer: https://github.com/389ds/389-ds-base/pull/5374
|
# Refer: https://github.com/389ds/389-ds-base/pull/5374
|
||||||
Patch0: fix-dsidm-posixgroup-get_dn-fails-with-search_ext.patch
|
Patch0: fix-dsidm-posixgroup-get_dn-fails-with-search_ext.patch
|
||||||
Patch1: fix-dn2rdn-get-args-error.patch
|
Patch1: fix-dn2rdn-get-args-error.patch
|
||||||
|
Patch2: CVE-2024-1062-1.patch
|
||||||
|
Patch3: CVE-2024-1062-2.patch
|
||||||
|
|
||||||
BuildRequires: nspr-devel nss-devel >= 3.34 perl-generators openldap-devel libdb-devel cyrus-sasl-devel icu
|
BuildRequires: nspr-devel nss-devel >= 3.34 perl-generators openldap-devel libdb-devel cyrus-sasl-devel icu
|
||||||
BuildRequires: libicu-devel pcre-devel cracklib-devel gcc-c++ net-snmp-devel lm_sensors-devel bzip2-devel
|
BuildRequires: libicu-devel pcre-devel cracklib-devel gcc-c++ net-snmp-devel lm_sensors-devel bzip2-devel
|
||||||
@ -378,6 +380,9 @@ exit 0
|
|||||||
%{_mandir}/*/*
|
%{_mandir}/*/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Feb 05 2024 wangkai <13474090681@163.com> - 1.4.3.36-5
|
||||||
|
- Fix CVE-2024-1062
|
||||||
|
|
||||||
* Sun Feb 4 2024 liyanan <liyanan61@h-partners.com> - 1.4.3.36-4
|
* Sun Feb 4 2024 liyanan <liyanan61@h-partners.com> - 1.4.3.36-4
|
||||||
- Add requires 389-ds-base-legacy-tools
|
- Add requires 389-ds-base-legacy-tools
|
||||||
|
|
||||||
|
|||||||
116
CVE-2024-1062-1.patch
Normal file
116
CVE-2024-1062-1.patch
Normal file
@ -0,0 +1,116 @@
|
|||||||
|
From dddb14210b402f317e566b6387c76a8e659bf7fa Mon Sep 17 00:00:00 2001
|
||||||
|
From: progier389 <progier@redhat.com>
|
||||||
|
Date: Tue, 14 Feb 2023 13:34:10 +0100
|
||||||
|
Subject: [PATCH] issue 5647 - covscan: memory leak in audit log when adding
|
||||||
|
entries (#5650)
|
||||||
|
|
||||||
|
covscan reported an issue about "vals" variable in auditlog.c:231 and indeed a charray_free is missing.
|
||||||
|
Issue: 5647
|
||||||
|
Reviewed by: @mreynolds389, @droideck
|
||||||
|
---
|
||||||
|
ldap/servers/slapd/auditlog.c | 71 +++++++++++++++++++----------------
|
||||||
|
1 file changed, 38 insertions(+), 33 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c
|
||||||
|
index 68cbc674dc..3128e04974 100644
|
||||||
|
--- a/ldap/servers/slapd/auditlog.c
|
||||||
|
+++ b/ldap/servers/slapd/auditlog.c
|
||||||
|
@@ -177,6 +177,40 @@ write_auditfail_log_entry(Slapi_PBlock *pb)
|
||||||
|
slapi_ch_free_string(&audit_config);
|
||||||
|
}
|
||||||
|
|
||||||
|
+/*
|
||||||
|
+ * Write the attribute values to the audit log as "comments"
|
||||||
|
+ *
|
||||||
|
+ * Slapi_Attr *entry - the attribute begin logged.
|
||||||
|
+ * char *attrname - the attribute name.
|
||||||
|
+ * lenstr *l - the audit log buffer
|
||||||
|
+ *
|
||||||
|
+ * Resulting output in the log:
|
||||||
|
+ *
|
||||||
|
+ * #ATTR: VALUE
|
||||||
|
+ * #ATTR: VALUE
|
||||||
|
+ */
|
||||||
|
+static void
|
||||||
|
+log_entry_attr(Slapi_Attr *entry_attr, char *attrname, lenstr *l)
|
||||||
|
+{
|
||||||
|
+ Slapi_Value **vals = attr_get_present_values(entry_attr);
|
||||||
|
+ for(size_t i = 0; vals && vals[i]; i++) {
|
||||||
|
+ char log_val[256] = "";
|
||||||
|
+ const struct berval *bv = slapi_value_get_berval(vals[i]);
|
||||||
|
+ if (bv->bv_len >= 256) {
|
||||||
|
+ strncpy(log_val, bv->bv_val, 252);
|
||||||
|
+ strcpy(log_val+252, "...");
|
||||||
|
+ } else {
|
||||||
|
+ strncpy(log_val, bv->bv_val, bv->bv_len);
|
||||||
|
+ log_val[bv->bv_len] = 0;
|
||||||
|
+ }
|
||||||
|
+ addlenstr(l, "#");
|
||||||
|
+ addlenstr(l, attrname);
|
||||||
|
+ addlenstr(l, ": ");
|
||||||
|
+ addlenstr(l, log_val);
|
||||||
|
+ addlenstr(l, "\n");
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* Write "requested" attributes from the entry to the audit log as "comments"
|
||||||
|
*
|
||||||
|
@@ -212,21 +246,9 @@ add_entry_attrs(Slapi_Entry *entry, lenstr *l)
|
||||||
|
for (req_attr = ldap_utf8strtok_r(display_attrs, ", ", &last); req_attr;
|
||||||
|
req_attr = ldap_utf8strtok_r(NULL, ", ", &last))
|
||||||
|
{
|
||||||
|
- char **vals = slapi_entry_attr_get_charray(entry, req_attr);
|
||||||
|
- for(size_t i = 0; vals && vals[i]; i++) {
|
||||||
|
- char log_val[256] = {0};
|
||||||
|
-
|
||||||
|
- if (strlen(vals[i]) > 256) {
|
||||||
|
- strncpy(log_val, vals[i], 252);
|
||||||
|
- strcat(log_val, "...");
|
||||||
|
- } else {
|
||||||
|
- strcpy(log_val, vals[i]);
|
||||||
|
- }
|
||||||
|
- addlenstr(l, "#");
|
||||||
|
- addlenstr(l, req_attr);
|
||||||
|
- addlenstr(l, ": ");
|
||||||
|
- addlenstr(l, log_val);
|
||||||
|
- addlenstr(l, "\n");
|
||||||
|
+ slapi_entry_attr_find(entry, req_attr, &entry_attr);
|
||||||
|
+ if (entry_attr) {
|
||||||
|
+ log_entry_attr(entry_attr, req_attr, l);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
@@ -234,7 +256,6 @@ add_entry_attrs(Slapi_Entry *entry, lenstr *l)
|
||||||
|
for (; entry_attr; entry_attr = entry_attr->a_next) {
|
||||||
|
Slapi_Value **vals = attr_get_present_values(entry_attr);
|
||||||
|
char *attr = NULL;
|
||||||
|
- const char *val = NULL;
|
||||||
|
|
||||||
|
slapi_attr_get_type(entry_attr, &attr);
|
||||||
|
if (strcmp(attr, PSEUDO_ATTR_UNHASHEDUSERPASSWORD) == 0) {
|
||||||
|
@@ -251,23 +272,7 @@ add_entry_attrs(Slapi_Entry *entry, lenstr *l)
|
||||||
|
addlenstr(l, ": ****************************\n");
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
-
|
||||||
|
- for(size_t i = 0; vals && vals[i]; i++) {
|
||||||
|
- char log_val[256] = {0};
|
||||||
|
-
|
||||||
|
- val = slapi_value_get_string(vals[i]);
|
||||||
|
- if (strlen(val) > 256) {
|
||||||
|
- strncpy(log_val, val, 252);
|
||||||
|
- strcat(log_val, "...");
|
||||||
|
- } else {
|
||||||
|
- strcpy(log_val, val);
|
||||||
|
- }
|
||||||
|
- addlenstr(l, "#");
|
||||||
|
- addlenstr(l, attr);
|
||||||
|
- addlenstr(l, ": ");
|
||||||
|
- addlenstr(l, log_val);
|
||||||
|
- addlenstr(l, "\n");
|
||||||
|
- }
|
||||||
|
+ log_entry_attr(entry_attr, attr, l);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
slapi_ch_free_string(&display_attrs);
|
||||||
24
CVE-2024-1062-2.patch
Normal file
24
CVE-2024-1062-2.patch
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
From be7c2b82958e91ce08775bf6b5da3c311d3b00e5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: progier389 <progier@redhat.com>
|
||||||
|
Date: Mon, 20 Feb 2023 16:14:05 +0100
|
||||||
|
Subject: [PATCH] Issue 5647 - Fix unused variable warning from previous commit
|
||||||
|
(#5670)
|
||||||
|
|
||||||
|
* issue 5647 - memory leak in audit log when adding entries
|
||||||
|
* Issue 5647 - Fix unused variable warning from previous commit
|
||||||
|
---
|
||||||
|
ldap/servers/slapd/auditlog.c | 1 -
|
||||||
|
1 file changed, 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c
|
||||||
|
index 3128e04974..0597ecc6f1 100644
|
||||||
|
--- a/ldap/servers/slapd/auditlog.c
|
||||||
|
+++ b/ldap/servers/slapd/auditlog.c
|
||||||
|
@@ -254,7 +254,6 @@ add_entry_attrs(Slapi_Entry *entry, lenstr *l)
|
||||||
|
} else {
|
||||||
|
/* Return all attributes */
|
||||||
|
for (; entry_attr; entry_attr = entry_attr->a_next) {
|
||||||
|
- Slapi_Value **vals = attr_get_present_values(entry_attr);
|
||||||
|
char *attr = NULL;
|
||||||
|
|
||||||
|
slapi_attr_get_type(entry_attr, &attr);
|
||||||
Loading…
x
Reference in New Issue
Block a user