- Fix CVE-2017-17740: when both the nops module and the memberof
overlay are enabled, attempts to free a buffer that was allocated on the stack * patch: 0017-Fix-segfault-in-nops.patch (bsc#1073313) OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=233
This commit is contained in:
parent
7fcf270ced
commit
e604505058
35
0017-Fix-segfault-in-nops.patch
Normal file
35
0017-Fix-segfault-in-nops.patch
Normal file
@ -0,0 +1,35 @@
|
||||
diff --git a/servers/slapd/overlays/memberof.c b/servers/slapd/overlays/memberof.c
|
||||
index 54c24682a..06945d811 100644
|
||||
--- a/servers/slapd/overlays/memberof.c
|
||||
+++ b/servers/slapd/overlays/memberof.c
|
||||
@@ -360,10 +360,16 @@ memberof_value_modify(
|
||||
unsigned long opid = op->o_opid;
|
||||
SlapReply rs2 = { REP_RESULT };
|
||||
slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
|
||||
- Modifications mod[ 2 ] = { { { 0 } } }, *ml;
|
||||
- struct berval values[ 4 ], nvalues[ 4 ];
|
||||
+ Modifications *mod, *ml;
|
||||
+ struct berval *values, *nvalues;
|
||||
int mcnt = 0;
|
||||
|
||||
+ mod = (Modifications*)malloc(2 * sizeof(Modifications));
|
||||
+ memset(mod, 0, 2 * sizeof(Modifications));
|
||||
+
|
||||
+ values = (struct berval*)malloc(4 * sizeof(struct berval));
|
||||
+ nvalues = (struct berval*)malloc(4 * sizeof(struct berval));
|
||||
+
|
||||
op2.o_tag = LDAP_REQ_MODIFY;
|
||||
|
||||
op2.o_req_dn = *ndn;
|
||||
@@ -493,6 +499,11 @@ memberof_value_modify(
|
||||
/* restore original opid */
|
||||
op->o_opid = opid;
|
||||
|
||||
+
|
||||
+ slap_mods_free( mod, 0 );
|
||||
+ free(values);
|
||||
+ free(nvalues);
|
||||
+
|
||||
/* FIXME: if old_group_ndn doesn't exist, both delete __and__
|
||||
* add will fail; better split in two operations, although
|
||||
* not optimal in terms of performance. At least it would
|
@ -1,3 +1,12 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 20 13:32:36 UTC 2018 - ckowalczyk@suse.com
|
||||
|
||||
- Fix CVE-2017-17740: when both the nops module and the memberof
|
||||
overlay are enabled, attempts to free a buffer that was allocated
|
||||
on the stack
|
||||
* patch: 0017-Fix-segfault-in-nops.patch
|
||||
(bsc#1073313)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Nov 12 14:25:52 UTC 2018 - Dominique Leuenberger <dleuenberger@suse.com>
|
||||
|
||||
|
@ -69,6 +69,7 @@ Patch12: 0012-ITS8051-sockdnpat.patch
|
||||
Patch14: 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch
|
||||
Patch15: openldap-r-only.dif
|
||||
Patch16: 0016-Clear-shared-key-only-in-close-function.patch
|
||||
Patch17: 0017-Fix-segfault-in-nops.patch
|
||||
Source200: %{name_ppolicy_check_module}-%{version_ppolicy_check_module}.tar.gz
|
||||
Source201: %{name_ppolicy_check_module}.Makefile
|
||||
Source202: %{name_ppolicy_check_module}.conf
|
||||
@ -268,6 +269,7 @@ gzip -k %{S:203}
|
||||
%patch14 -p1
|
||||
%patch15 -p1
|
||||
%patch16 -p1
|
||||
%patch17 -p1
|
||||
cp %{SOURCE5} .
|
||||
|
||||
# Move ppolicy check module and its Makefile into openldap-2.4/contrib/slapd-modules/
|
||||
|
Loading…
Reference in New Issue
Block a user