Accepting request 42373 from network:ldap
checked in (request 42373) OBS-URL: https://build.opensuse.org/request/show/42373 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=39
parent
e488e6253c
commit
55aa20cad2
@ -1,38 +0,0 @@
|
|||||||
From e32aa64d19840a3b76da532d200fa1cb733e0672 Mon Sep 17 00:00:00 2001
|
|
||||||
From: ralf <ralf>
|
|
||||||
Date: Thu, 20 May 2010 15:08:28 +0000
|
|
||||||
Subject: Syncprov might lose deletes (ITS#6555)
|
|
||||||
|
|
||||||
During the refresh phase the sync filter needs to be adjusted (skipping
|
|
||||||
the "(entrycsn>=cookie)" part that was inserted) when checking whether a
|
|
||||||
change needs to be replicated, otherwise we lose DELETES that happen during
|
|
||||||
the refresh phase.
|
|
||||||
|
|
||||||
bnc#606294
|
|
||||||
|
|
||||||
1 files changed, 9 insertions(+), 1 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c
|
|
||||||
index 675568e..030edf5 100644
|
|
||||||
--- a/servers/slapd/overlays/syncprov.c
|
|
||||||
+++ b/servers/slapd/overlays/syncprov.c
|
|
||||||
@@ -1301,7 +1301,15 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit )
|
|
||||||
op2.o_hdr = &oh;
|
|
||||||
op2.o_extra = op->o_extra;
|
|
||||||
op2.o_callback = NULL;
|
|
||||||
- rc = test_filter( &op2, e, ss->s_op->ors_filter );
|
|
||||||
+ ldap_pvt_thread_mutex_lock( &ss->s_mutex );
|
|
||||||
+ if (ss->s_flags & PS_FIX_FILTER) {
|
|
||||||
+ /* Skip the AND/GE clause that we stuck on in front. We
|
|
||||||
+ would lose deletes/mods that happen during the refresh
|
|
||||||
+ phase otherwise (ITS#6555) */
|
|
||||||
+ op2.ors_filter = ss->s_op->ors_filter->f_and->f_next;
|
|
||||||
+ }
|
|
||||||
+ ldap_pvt_thread_mutex_unlock( &ss->s_mutex );
|
|
||||||
+ rc = test_filter( &op2, e, op2.ors_filter );
|
|
||||||
}
|
|
||||||
|
|
||||||
Debug( LDAP_DEBUG_TRACE, "syncprov_matchops: sid %03x fscope %d rc %d\n",
|
|
||||||
--
|
|
||||||
1.7.0.3
|
|
||||||
|
|
@ -1,12 +1,3 @@
|
|||||||
-------------------------------------------------------------------
|
|
||||||
Thu Jul 1 12:48:18 UTC 2010 - rhafer@novell.com
|
|
||||||
|
|
||||||
- LDAP clients could crash the server by submitting a specially
|
|
||||||
crafted LDAP ModRDN operation. (bnc#612430, ITS#6570)
|
|
||||||
- Delete Operations happening during the "Refresh" phase of
|
|
||||||
"refreshAndPersist" replication failed to replicate under
|
|
||||||
certain circumstances (bnc#606294, ITS#6555)
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon May 10 13:35:59 UTC 2010 - rhafer@novell.com
|
Mon May 10 13:35:59 UTC 2010 - rhafer@novell.com
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# spec file for package openldap2 (Version 2.4.21)
|
# spec file for package openldap2-client (Version 2.4.21)
|
||||||
#
|
#
|
||||||
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||||
#
|
#
|
||||||
@ -19,7 +19,7 @@
|
|||||||
|
|
||||||
%define run_test_suite 1
|
%define run_test_suite 1
|
||||||
|
|
||||||
Name: openldap2-client
|
Name: openldap2-client
|
||||||
BuildRequires: cyrus-sasl-devel db-devel libopenssl-devel tcpd-devel
|
BuildRequires: cyrus-sasl-devel db-devel libopenssl-devel tcpd-devel
|
||||||
%if %sles_version == 9
|
%if %sles_version == 9
|
||||||
BuildRequires: -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-devel
|
BuildRequires: -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-devel
|
||||||
@ -60,8 +60,6 @@ Patch5: slapd-back-hdb-fortify.dif
|
|||||||
Patch6: libldap-gethostbyname_r.dif
|
Patch6: libldap-gethostbyname_r.dif
|
||||||
Patch7: pie-compile.dif
|
Patch7: pie-compile.dif
|
||||||
Patch11: slapd-bconfig-del-db.dif
|
Patch11: slapd-bconfig-del-db.dif
|
||||||
Patch12: Syncprov-might-lose-deletes-ITS-6555.dif
|
|
||||||
Patch13: slapd-modrdn-crash-ITS-6570.dif
|
|
||||||
Patch100: openldap-2.3.37.dif
|
Patch100: openldap-2.3.37.dif
|
||||||
Patch200: slapd_getaddrinfo_dupl.dif
|
Patch200: slapd_getaddrinfo_dupl.dif
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
@ -182,8 +180,6 @@ Authors:
|
|||||||
%patch7
|
%patch7
|
||||||
%endif
|
%endif
|
||||||
%patch11
|
%patch11
|
||||||
%patch12 -p1
|
|
||||||
%patch13 -p1
|
|
||||||
%if %suse_version == 1100
|
%if %suse_version == 1100
|
||||||
%patch200 -p1
|
%patch200 -p1
|
||||||
%endif
|
%endif
|
||||||
|
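Review bot: The new side of this spec no longer lists `Patch13: slapd-modrdn-crash-ITS-6570.dif` or runs `%patch13 -p1` (hunks at -60,8 and -182,8) while the header still says Version 2.4.21, so as far as this page shows the package would be built without the ModRDN fix that the removed patch describes as a server crash reachable without authentication. `Patch12` / `%patch12 -p1` (ITS#6555, deletes lost by syncprov during refresh) is dropped the same way, and the later spec section on this page repeats both removals. If this is a deliberate revert, the changelog should record the reason instead of having its 1 Jul 2010 entry deleted; otherwise the lines `Patch13: slapd-modrdn-crash-ITS-6570.dif` and `%patch13 -p1` (and the Patch12 pair) should stay. Whether the fixes reach the build by some other route is not visible here.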
@ -1,12 +1,3 @@
|
|||||||
-------------------------------------------------------------------
|
|
||||||
Thu Jul 1 12:48:18 UTC 2010 - rhafer@novell.com
|
|
||||||
|
|
||||||
- LDAP clients could crash the server by submitting a specially
|
|
||||||
crafted LDAP ModRDN operation. (bnc#612430, ITS#6570)
|
|
||||||
- Delete Operations happening during the "Refresh" phase of
|
|
||||||
"refreshAndPersist" replication failed to replicate under
|
|
||||||
certain circumstances (bnc#606294, ITS#6555)
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon May 10 13:35:59 UTC 2010 - rhafer@novell.com
|
Mon May 10 13:35:59 UTC 2010 - rhafer@novell.com
|
||||||
|
|
||||||
|
@ -60,8 +60,6 @@ Patch5: slapd-back-hdb-fortify.dif
|
|||||||
Patch6: libldap-gethostbyname_r.dif
|
Patch6: libldap-gethostbyname_r.dif
|
||||||
Patch7: pie-compile.dif
|
Patch7: pie-compile.dif
|
||||||
Patch11: slapd-bconfig-del-db.dif
|
Patch11: slapd-bconfig-del-db.dif
|
||||||
Patch12: Syncprov-might-lose-deletes-ITS-6555.dif
|
|
||||||
Patch13: slapd-modrdn-crash-ITS-6570.dif
|
|
||||||
Patch100: openldap-2.3.37.dif
|
Patch100: openldap-2.3.37.dif
|
||||||
Patch200: slapd_getaddrinfo_dupl.dif
|
Patch200: slapd_getaddrinfo_dupl.dif
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
@ -182,8 +180,6 @@ Authors:
|
|||||||
%patch7
|
%patch7
|
||||||
%endif
|
%endif
|
||||||
%patch11
|
%patch11
|
||||||
%patch12 -p1
|
|
||||||
%patch13 -p1
|
|
||||||
%if %suse_version == 1100
|
%if %suse_version == 1100
|
||||||
%patch200 -p1
|
%patch200 -p1
|
||||||
%endif
|
%endif
|
||||||
|
@ -1,100 +0,0 @@
|
|||||||
From 6e229f5b94be41c4b9372914ae9bff90ccd81014 Mon Sep 17 00:00:00 2001
|
|
||||||
From: hyc <hyc>
|
|
||||||
Date: Sun, 6 Jun 2010 22:02:32 +0000
|
|
||||||
Subject: slapd modrdn crash (ITS#6570)
|
|
||||||
|
|
||||||
part #1 reject RDNs with binary BER values
|
|
||||||
part #2 reject RDNs with empty values
|
|
||||||
|
|
||||||
Unauthenticated LDAP clients could crash the server by submitting a
|
|
||||||
specially crafted LDAP ModRDN operatoin.
|
|
||||||
|
|
||||||
Part #1:
|
|
||||||
OpenLDAP crashes with segfault during the processing of a modrdn call with
|
|
||||||
maliciously formed destination rdn string. No authentication is required to
|
|
||||||
trigger this vulnerability.
|
|
||||||
|
|
||||||
Part #2:
|
|
||||||
OpenLDAP crashes at a null pointer dereference during the processing of modrdn
|
|
||||||
call with maliciously formed destination rdn string. No authentication is
|
|
||||||
required to trigger this vulnerability.
|
|
||||||
|
|
||||||
3 files changed, 16 insertions(+), 7 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c
|
|
||||||
index 3534e7f..75d2204 100644
|
|
||||||
--- a/servers/slapd/dn.c
|
|
||||||
+++ b/servers/slapd/dn.c
|
|
||||||
@@ -302,16 +302,13 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx )
|
|
||||||
ava->la_attr = ad->ad_cname;
|
|
||||||
|
|
||||||
if( ava->la_flags & LDAP_AVA_BINARY ) {
|
|
||||||
- if( ava->la_value.bv_len == 0 ) {
|
|
||||||
- /* BER encoding is empty */
|
|
||||||
- return LDAP_INVALID_SYNTAX;
|
|
||||||
- }
|
|
||||||
+ /* AVA is binary encoded, not supported */
|
|
||||||
+ return LDAP_INVALID_SYNTAX;
|
|
||||||
|
|
||||||
/* Do not allow X-ORDERED 'VALUES' naming attributes */
|
|
||||||
} else if( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) {
|
|
||||||
return LDAP_INVALID_SYNTAX;
|
|
||||||
|
|
||||||
- /* AVA is binary encoded, don't muck with it */
|
|
||||||
} else if( flags & SLAP_LDAPDN_PRETTY ) {
|
|
||||||
transf = ad->ad_type->sat_syntax->ssyn_pretty;
|
|
||||||
if( !transf ) {
|
|
||||||
@@ -379,6 +376,10 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx )
|
|
||||||
ava->la_value = bv;
|
|
||||||
ava->la_flags |= LDAP_AVA_FREE_VALUE;
|
|
||||||
}
|
|
||||||
+ /* reject empty values */
|
|
||||||
+ if (!ava->la_value.bv_len) {
|
|
||||||
+ return LDAP_INVALID_SYNTAX;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
rc = LDAP_SUCCESS;
|
|
||||||
|
|
||||||
diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c
|
|
||||||
index e386ef9..e143a7b 100644
|
|
||||||
--- a/servers/slapd/modrdn.c
|
|
||||||
+++ b/servers/slapd/modrdn.c
|
|
||||||
@@ -445,12 +445,19 @@ slap_modrdn2mods(
|
|
||||||
mod_tmp->sml_values[1].bv_val = NULL;
|
|
||||||
if( desc->ad_type->sat_equality->smr_normalize) {
|
|
||||||
mod_tmp->sml_nvalues = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) );
|
|
||||||
- (void) (*desc->ad_type->sat_equality->smr_normalize)(
|
|
||||||
+ rs->sr_err = desc->ad_type->sat_equality->smr_normalize(
|
|
||||||
SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
|
|
||||||
desc->ad_type->sat_syntax,
|
|
||||||
desc->ad_type->sat_equality,
|
|
||||||
&mod_tmp->sml_values[0],
|
|
||||||
&mod_tmp->sml_nvalues[0], NULL );
|
|
||||||
+ if (rs->sr_err != LDAP_SUCCESS) {
|
|
||||||
+ ch_free(mod_tmp->sml_nvalues);
|
|
||||||
+ ch_free(mod_tmp->sml_values[0].bv_val);
|
|
||||||
+ ch_free(mod_tmp->sml_values);
|
|
||||||
+ ch_free(mod_tmp);
|
|
||||||
+ goto done;
|
|
||||||
+ }
|
|
||||||
mod_tmp->sml_nvalues[1].bv_val = NULL;
|
|
||||||
} else {
|
|
||||||
mod_tmp->sml_nvalues = NULL;
|
|
||||||
diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
|
|
||||||
index 68e6d28..d2f4708 100644
|
|
||||||
--- a/servers/slapd/schema_init.c
|
|
||||||
+++ b/servers/slapd/schema_init.c
|
|
||||||
@@ -1732,8 +1732,9 @@ UTF8StringNormalize(
|
|
||||||
? LDAP_UTF8_APPROX : 0;
|
|
||||||
|
|
||||||
val = UTF8bvnormalize( val, &tmp, flags, ctx );
|
|
||||||
+ /* out of memory or syntax error, the former is unlikely */
|
|
||||||
if( val == NULL ) {
|
|
||||||
- return LDAP_OTHER;
|
|
||||||
+ return LDAP_INVALID_SYNTAX;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* collapse spaces (in place) */
|
|
||||||
--
|
|
||||||
1.7.0.3
|
|
||||||
|
|