[Pkg-freeipa-devel] [Git][freeipa-team/slapi-nis][master] 2 commits: CVE-2021-3480-invalid-bind-DN-crash.patch: Fix CVE-2021-3480. (Closes: #988736)
Timo Aaltonen (@tjaalton)
gitlab at salsa.debian.org
Thu Jun 10 18:18:33 BST 2021
Timo Aaltonen pushed to branch master at FreeIPA packaging / slapi-nis
Commits:
96a48eda by Timo Aaltonen at 2021-06-10T20:17:33+03:00
CVE-2021-3480-invalid-bind-DN-crash.patch: Fix CVE-2021-3480. (Closes: #988736)
- - - - -
91cce7e7 by Timo Aaltonen at 2021-06-10T20:17:42+03:00
releasing package slapi-nis version 0.56.5-2
- - - - -
3 changed files:
- debian/changelog
- + debian/patches/CVE-2021-3480-invalid-bind-DN-crash.patch
- debian/patches/series
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,10 @@
+slapi-nis (0.56.5-2) unstable; urgency=medium
+
+ * CVE-2021-3480-invalid-bind-DN-crash.patch: Fix CVE-2021-3480.
+ (Closes: #988736)
+
+ -- Timo Aaltonen <tjaalton at debian.org> Thu, 10 Jun 2021 20:17:34 +0300
+
slapi-nis (0.56.5-1) unstable; urgency=medium
* New upstream release.
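Review bot: The new 0.56.5-2 entry names only the patch file and the CVE id, so a reader of the changelog cannot tell what was fixed without opening the patch. Add a short description taken from the patch subject, for example "invalid bind DN crash", next to "Fix CVE-2021-3480".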
=====================================
debian/patches/CVE-2021-3480-invalid-bind-DN-crash.patch
=====================================
@@ -0,0 +1,33 @@
+From c7417ea2d534712e559b56ed45baa91c5d3d44db Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy at redhat.com>
+Date: Wed, 7 Apr 2021 14:40:52 +0300
+Subject: [PATCH] CVE-2021-3480: invalid bind DN crash
+
+For certain LDAP bind operations 389-ds would pass unvalidated bind DN
+to bind plugins. A first attempt to normalize the DN would find that out
+and should reject the request.
+
+Signed-off-by: Alexander Bokovoy <abokovoy at redhat.com>
+---
+ src/back-sch.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/back-sch.c b/src/back-sch.c
+index a5e4c04..d806627 100644
+--- a/src/back-sch.c
++++ b/src/back-sch.c
+@@ -1988,6 +1988,11 @@ backend_locate_cb(const char *group, const char *set, bool_t flag,
+ rdn = slapi_rdn_new_sdn(cbdata->target_dn);
+ if (rdn != NULL) {
+ rdnstr = slapi_rdn_get_nrdn(rdn);
++ if (rdnstr == NULL) {
++ /* normalizing RDN failed, break the search */
++ slapi_rdn_free(&rdn);
++ return FALSE;
++ }
+ if (map_match(cbdata->state, group, set, &flag,
+ strlen(rdnstr), rdnstr,
+ &ndnlen, &ndn,
+--
+2.30.2
+
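Review bot: The early return added in backend_locate_cb, in the `rdnstr == NULL` branch just before `strlen(rdnstr)`, drops the request silently, and its comment says "break the search" while the effect of returning FALSE on the enumeration is not visible in this hunk. Please confirm that FALSE is what the function's other exit paths return to stop the search, and consider logging the failed normalization so that a rejected bind DN leaves a trace in the server log. On the packaging side, the patch header keeps the upstream From/Date/Subject lines but has no Origin or Bug-Debian field; adding them (the changelog cites #988736) would tie this file to its source and to the bug it closes.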
=====================================
debian/patches/series
=====================================
@@ -1 +1,2 @@
fix-hyphen-used-as-minus-sign.patch
+CVE-2021-3480-invalid-bind-DN-crash.patch
View it on GitLab: https://salsa.debian.org/freeipa-team/slapi-nis/-/compare/ab0da3c7f0e0fbb3d4c6467f077ae7f22cb2cbc7...91cce7e7d97ffefbd9f0cd0719466500e0ad9ec0