- Fix CVE-2017-17740: when both the nops module and the memberof
overlay are enabled, attempts to free a buffer that was allocated on the stack * patch: 0017-Fix-segfault-in-nops.patch (bsc#1073313) OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=233
parent
7fcf270ced
commit
e604505058
35
0017-Fix-segfault-in-nops.patch
Normal file
35
0017-Fix-segfault-in-nops.patch
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
diff --git a/servers/slapd/overlays/memberof.c b/servers/slapd/overlays/memberof.c
|
||||||
|
index 54c24682a..06945d811 100644
|
||||||
|
--- a/servers/slapd/overlays/memberof.c
|
||||||
|
+++ b/servers/slapd/overlays/memberof.c
|
||||||
|
@@ -360,10 +360,16 @@ memberof_value_modify(
|
||||||
|
unsigned long opid = op->o_opid;
|
||||||
|
SlapReply rs2 = { REP_RESULT };
|
||||||
|
slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
|
||||||
|
- Modifications mod[ 2 ] = { { { 0 } } }, *ml;
|
||||||
|
- struct berval values[ 4 ], nvalues[ 4 ];
|
||||||
|
+ Modifications *mod, *ml;
|
||||||
|
+ struct berval *values, *nvalues;
|
||||||
|
int mcnt = 0;
|
||||||
|
|
||||||
|
+ mod = (Modifications*)malloc(2 * sizeof(Modifications));
|
||||||
|
+ memset(mod, 0, 2 * sizeof(Modifications));
|
||||||
|
+
|
||||||
|
+ values = (struct berval*)malloc(4 * sizeof(struct berval));
|
||||||
|
+ nvalues = (struct berval*)malloc(4 * sizeof(struct berval));
|
||||||
|
+
|
||||||
|
op2.o_tag = LDAP_REQ_MODIFY;
|
||||||
|
|
||||||
|
op2.o_req_dn = *ndn;
|
||||||
|
@@ -493,6 +499,11 @@ memberof_value_modify(
|
||||||
|
/* restore original opid */
|
||||||
|
op->o_opid = opid;
|
||||||
|
|
||||||
|
+
|
||||||
|
+ slap_mods_free( mod, 0 );
|
||||||
|
+ free(values);
|
||||||
|
+ free(nvalues);
|
||||||
|
+
|
||||||
|
/* FIXME: if old_group_ndn doesn't exist, both delete __and__
|
||||||
|
* add will fail; better split in two operations, although
|
||||||
|
* not optimal in terms of performance. At least it would
|
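Review bot: The three allocations added in the first inner hunk (`mod`, `values`, `nvalues`) are used without a NULL check, so `memset(mod, 0, 2 * sizeof(Modifications))` dereferences NULL if `malloc` fails, which replaces one crash with another in a CVE fix. slapd's own allocator would fit the surrounding code better, e.g. `mod = ch_calloc( 2, sizeof(Modifications) );`, with `values` and `nvalues` allocated the same way and released with `ch_free`. In the second inner hunk, `slap_mods_free( mod, 0 )` receives a single block holding two array elements; that helper appears to walk `sml_next` and free each node separately, so if the function links `mod[0]` and `mod[1]` (not visible here) the second free would get an interior pointer, and a plain `ch_free( mod );` looks safer. memberof_value_modify continues past both hunks, so please confirm that nothing after the FIXME comment still reads `mod`, `values` or `nvalues`, and that no earlier return path skips the new cleanup.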
@ -1,3 +1,12 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Nov 20 13:32:36 UTC 2018 - ckowalczyk@suse.com
|
||||||
|
|
||||||
|
- Fix CVE-2017-17740: when both the nops module and the memberof
|
||||||
|
overlay are enabled, attempts to free a buffer that was allocated
|
||||||
|
on the stack
|
||||||
|
* patch: 0017-Fix-segfault-in-nops.patch
|
||||||
|
(bsc#1073313)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Nov 12 14:25:52 UTC 2018 - Dominique Leuenberger <dleuenberger@suse.com>
|
Mon Nov 12 14:25:52 UTC 2018 - Dominique Leuenberger <dleuenberger@suse.com>
|
||||||
|
|
||||||
|
@ -69,6 +69,7 @@ Patch12: 0012-ITS8051-sockdnpat.patch
|
|||||||
Patch14: 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch
|
Patch14: 0014-ITS-8714-Send-out-EXTENDED-operation-message-from-back-sock.patch
|
||||||
Patch15: openldap-r-only.dif
|
Patch15: openldap-r-only.dif
|
||||||
Patch16: 0016-Clear-shared-key-only-in-close-function.patch
|
Patch16: 0016-Clear-shared-key-only-in-close-function.patch
|
||||||
|
Patch17: 0017-Fix-segfault-in-nops.patch
|
||||||
Source200: %{name_ppolicy_check_module}-%{version_ppolicy_check_module}.tar.gz
|
Source200: %{name_ppolicy_check_module}-%{version_ppolicy_check_module}.tar.gz
|
||||||
Source201: %{name_ppolicy_check_module}.Makefile
|
Source201: %{name_ppolicy_check_module}.Makefile
|
||||||
Source202: %{name_ppolicy_check_module}.conf
|
Source202: %{name_ppolicy_check_module}.conf
|
||||||
@ -268,6 +269,7 @@ gzip -k %{S:203}
|
|||||||
%patch14 -p1
|
%patch14 -p1
|
||||||
%patch15 -p1
|
%patch15 -p1
|
||||||
%patch16 -p1
|
%patch16 -p1
|
||||||
|
%patch17 -p1
|
||||||
cp %{SOURCE5} .
|
cp %{SOURCE5} .
|
||||||
|
|
||||||
# Move ppolicy check module and its Makefile into openldap-2.4/contrib/slapd-modules/
|
# Move ppolicy check module and its Makefile into openldap-2.4/contrib/slapd-modules/
|
||||||
|