Commit 213618cf authored by Natanael Copa's avatar Natanael Copa

main/openldap: security fix (CVE-2011-4079)

fixes #837
parent 7f9388fa
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=openldap
pkgver=2.4.25
pkgrel=1
pkgrel=2
pkgdesc="LDAP Server"
url="http://www.openldap.org/"
arch="all"
......@@ -18,6 +18,7 @@ source="ftp://ftp.$pkgname.org/pub/OpenLDAP/$pkgname-release/$pkgname-$pkgver.tg
openldap-2.4-ppolicy.patch
openldap-2.4.11-libldap_r.patch
openldap-back-sql-fix-64bit.patch
cve-2011-4079.patch
slapd.initd
slapd.confd
slurpd.initd
......@@ -111,6 +112,7 @@ md5sums="ec63f9c2add59f323a0459128846905b openldap-2.4.25.tgz
2524e490ba334a760fa57057c16da7a9 openldap-2.4-ppolicy.patch
d19d0502f046078ecd737e29e7552fa8 openldap-2.4.11-libldap_r.patch
226eefb3e17810f453b76cbc9d1bdbad openldap-back-sql-fix-64bit.patch
967d86fbfdbf9054b722f23323751fc9 cve-2011-4079.patch
a729bf553d12b4a9fbda0ff5202a0443 slapd.initd
b672311fca605c398240cd37a2ae080a slapd.confd
fa5ce0005ef5f1160b6ff126f97aaa1a slurpd.initd"
one-byte buffer overflow in slapd
Resolves: #749324 (CVE-2011-4079)
Upstream ITS: #7059
Upstream commits: d0dd861 5072387
Author: Howard Chu <hyc@openldap.org>
diff -u
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -1852,12 +1852,12 @@ UTF8StringNormalize(
}
nvalue.bv_val[nvalue.bv_len] = '\0';
- } else {
+ } else if ( tmp.bv_len ) {
/* string of all spaces is treated as one space */
nvalue.bv_val[0] = ' ';
nvalue.bv_val[1] = '\0';
nvalue.bv_len = 1;
- }
+ } /* should never be entered with 0-length val */
*normalized = nvalue;
return LDAP_SUCCESS;
@@ -2331,13 +2331,18 @@ postalAddressNormalize(
}
lines[l].bv_len = &val->bv_val[c] - lines[l].bv_val;
- normalized->bv_len = l;
+ normalized->bv_len = c = l;
- for ( l = 0; !BER_BVISNULL( &lines[l] ); l++ ) {
+ for ( l = 0; l <= c; l++ ) {
/* NOTE: we directly normalize each line,
* without unescaping the values, since the special
* values '\24' ('$') and '\5C' ('\') are not affected
* by normalization */
+ if ( !lines[l].bv_len ) {
+ nlines[l].bv_len = 0;
+ nlines[l].bv_val = NULL;
+ continue;
+ }
rc = UTF8StringNormalize( usage, NULL, xmr, &lines[l], &nlines[l], ctx );
if ( rc != LDAP_SUCCESS ) {
rc = LDAP_INVALID_SYNTAX;
@@ -2350,7 +2355,7 @@ postalAddressNormalize(
normalized->bv_val = slap_sl_malloc( normalized->bv_len + 1, ctx );
p = normalized->bv_val;
- for ( l = 0; !BER_BVISNULL( &nlines[l] ); l++ ) {
+ for ( l = 0; l <= c ; l++ ) {
p = lutil_strbvcopy( p, &nlines[l] );
*p++ = '$';
}
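Review bot: In the UTF8StringNormalize hunk the zero-length case is covered only by the trailing comment `/* should never be entered with 0-length val */`. When the preceding condition fails and `tmp.bv_len` is 0, neither branch writes to `nvalue`, yet `*normalized = nvalue; return LDAP_SUCCESS;` still runs. postalAddressNormalize now skips empty lines before calling it, but the other callers and the start of the function are outside this patch, so it is worth confirming that none of them can pass an empty value and what `nvalue` holds in that case. I would state the contract ahead of the branch rather than after the closing brace, for example `/* tmp.bv_len == 0: nvalue is returned untouched; callers must filter empty values */`. In the postalAddressNormalize hunks `c` is silently repurposed from a character index to a loop bound, so a short comment at `normalized->bv_len = c = l;` such as `/* c = index of the last line */` would make the two `l <= c` loops easier to audit against the `bv_len + 1` allocation.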