Accepting request 762856 from home:stroeder:branches:network:ldap

- added back-port patch
  0013_openldap-its9124_fix_crash_with_cancel_exop.patch
  to fix OpenLDAP ITS#9124

OBS-URL: https://build.opensuse.org/request/show/762856
OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=254

0013_openldap-its9124_fix_crash_with_cancel_exop.patch

@@ -0,0 +1,47 @@
+--- openldap-2.4.48.orig/servers/slapd/cancel.c	2019-07-23 16:46:22.000000000 +0200
++++ openldap-2.4.48/servers/slapd/cancel.c	2020-01-10 13:15:53.884714390 +0100
+@@ -2,7 +2,7 @@
+ /* $OpenLDAP$ */
+ /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+  *
+- * Copyright 1998-2019 The OpenLDAP Foundation.
++ * Copyright 1998-2020 The OpenLDAP Foundation.
+  * All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+@@ -34,7 +34,8 @@
+ 	Operation *o;
+ 	int rc;
+ 	int opid;
+-	BerElement *ber;
++	BerElementBuffer berbuf;
++	BerElement *ber = (BerElement *)&berbuf;
+ 
+ 	assert( ber_bvcmp( &slap_EXOP_CANCEL, &op->ore_reqoid ) == 0 );
+ 
+@@ -43,19 +44,19 @@
+ 		return LDAP_PROTOCOL_ERROR;
+ 	}
+ 
+-	ber = ber_init( op->ore_reqdata );
+-	if ( ber == NULL ) {
+-		rs->sr_text = "internal error";
+-		return LDAP_OTHER;
++	if ( op->ore_reqdata->bv_len == 0 ) {
++		rs->sr_text = "empty request data field";
++		return LDAP_PROTOCOL_ERROR;
+ 	}
+ 
++	/* ber_init2 uses reqdata directly, doesn't allocate new buffers */
++	ber_init2( ber, op->ore_reqdata, 0 );
++
+ 	if ( ber_scanf( ber, "{i}", &opid ) == LBER_ERROR ) {
+ 		rs->sr_text = "message ID parse failed";
+ 		return LDAP_PROTOCOL_ERROR;
+ 	}
+ 
+-	(void) ber_free( ber, 1 );
+-
+ 	Statslog( LDAP_DEBUG_STATS, "%s CANCEL msg=%d\n",
+ 		op->o_log_prefix, opid, 0, 0, 0 );
+ 

openldap2.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Jan 10 13:16:40 UTC 2020 - Michael Ströder <michael@stroeder.com>
+
+- added back-port patch
+  0013_openldap-its9124_fix_crash_with_cancel_exop.patch
+  to fix OpenLDAP ITS#9124
+
 -------------------------------------------------------------------
 Sun Dec 22 14:44:19 UTC 2019 - Michael Ströder <michael@stroeder.com>
 

openldap2.spec

@@ -63,6 +63,7 @@ Patch7:         0007-Recover-on-DB-version-change.dif
 Patch8:         0008-In-monitor-backend-do-not-return-Connection0-entries.patch
 Patch9:         0009-Fix-ldap-host-lookup-ipv6.patch
 Patch11:        0011-openldap-re24-its7796.patch
+Patch13:        0013_openldap-its9124_fix_crash_with_cancel_exop.patch
 Patch15:        openldap-r-only.dif
 Patch16:        0016-Clear-shared-key-only-in-close-function.patch
 Source200:      %{name_ppolicy_check_module}-%{version_ppolicy_check_module}.tar.gz
@@ -258,6 +259,7 @@ gzip -k %{S:203}
 %patch8 -p1
 %patch9 -p1
 %patch11 -p1
+%patch13 -p1
 %patch15 -p1
 %patch16 -p1
 cp %{SOURCE5} .