[Pkg-openldap-devel] r728 - in openldap/trunk-2.3/debian: . patches

Matthijs Mohlmann matthijs at alioth.debian.org
Thu Nov 9 20:22:57 CET 2006


Author: matthijs
Date: 2006-11-09 20:22:56 +0100 (Thu, 09 Nov 2006)
New Revision: 728

Added:
   openldap/trunk-2.3/debian/patches/CVE-2006-5779
Modified:
   openldap/trunk-2.3/debian/changelog
   openldap/trunk-2.3/debian/patches/series
Log:
 * Added patch to fix CVE-2006-5779


Modified: openldap/trunk-2.3/debian/changelog
===================================================================
--- openldap/trunk-2.3/debian/changelog	2006-11-09 19:18:39 UTC (rev 727)
+++ openldap/trunk-2.3/debian/changelog	2006-11-09 19:22:56 UTC (rev 728)
@@ -2,8 +2,10 @@
 
   [ Matthijs Mohlmann ]
   * LSB section added to the init script.
+  * Added patch to fix a Denial of Service through a certain combination of
+    LDAP BIND requests. (Fixes CVE-2006-5779) (Closes: #397673)
 
- -- Matthijs Mohlmann <matthijs at cacholong.nl>  Thu,  9 Nov 2006 20:18:20 +0100
+ -- Matthijs Mohlmann <matthijs at cacholong.nl>  Thu,  9 Nov 2006 20:22:22 +0100
 
 openldap2.3 (2.3.27-1) unstable; urgency=low
 

Added: openldap/trunk-2.3/debian/patches/CVE-2006-5779
===================================================================
--- openldap/trunk-2.3/debian/patches/CVE-2006-5779	2006-11-09 19:18:39 UTC (rev 727)
+++ openldap/trunk-2.3/debian/patches/CVE-2006-5779	2006-11-09 19:22:56 UTC (rev 728)
@@ -0,0 +1,46 @@
+Index: libraries/libldap/getdn.c
+===================================================================
+--- libraries/libldap/getdn.c.orig
++++ libraries/libldap/getdn.c
+@@ -2025,7 +2025,7 @@
+ strval2strlen( struct berval *val, unsigned flags, ber_len_t *len )
+ {
+ 	ber_len_t	l, cl = 1;
+-	char		*p;
++	char		*p, *end;
+ 	int		escaped_byte_len = LDAP_DN_IS_PRETTY( flags ) ? 1 : 3;
+ #ifdef PRETTY_ESCAPE
+ 	int		escaped_ascii_len = LDAP_DN_IS_PRETTY( flags ) ? 2 : 3;
+@@ -2039,7 +2039,8 @@
+ 		return( 0 );
+ 	}
+ 
+-	for ( l = 0, p = val->bv_val; p < val->bv_val + val->bv_len; p += cl ) {
++    end = val->bv_val + val->bv_len - 1;
++    for ( l = 0, p = val->bv_val; p <= end; p += cl ) {
+ 
+ 		/* 
+ 		 * escape '%x00' 
+@@ -2068,7 +2069,7 @@
+ 		} else if ( LDAP_DN_NEEDESCAPE( p[ 0 ] )
+ 				|| LDAP_DN_SHOULDESCAPE( p[ 0 ] )
+ 				|| ( p == val->bv_val && LDAP_DN_NEEDESCAPE_LEAD( p[ 0 ] ) )
+-				|| ( !p[ 1 ] && LDAP_DN_NEEDESCAPE_TRAIL( p[ 0 ] ) ) ) {
++                || ( p == end && LDAP_DN_NEEDESCAPE_TRAIL( p[ 0 ] ) ) ) {
+ #ifdef PRETTY_ESCAPE
+ #if 0
+ 			if ( LDAP_DN_WILLESCAPE_HEX( flags, p[ 0 ] ) ) {
+Index: servers/slapd/connection.c
+===================================================================
+--- servers/slapd/connection.c.orig
++++ servers/slapd/connection.c
+@@ -2008,7 +2008,8 @@
+ 	op->o_callback = cb->sc_next;
+ 
+ 	ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
+-	op->o_conn->c_conn_state = SLAP_C_ACTIVE;
++    if ( op->o_cnn->c_conn_state == SLAP_C_BINDING )
++        op->o_conn->c_conn_state = SLAP_C_ACTIVE;
+ 	op->o_conn->c_sasl_bind_in_progress =
+ 		( rs->sr_err == LDAP_SASL_BIND_IN_PROGRESS );
+ 
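Review bot: In the servers/slapd/connection.c part of the added patch, the new condition dereferences `op->o_cnn->c_conn_state`, while the lock call above it and the assignment below it both use `op->o_conn`. This looks like a typo, and unless the operation struct really has an `o_cnn` member, slapd will not build with this patch applied; the line should read `if ( op->o_conn->c_conn_state == SLAP_C_BINDING )`. In the getdn.c part, `end = val->bv_val + val->bv_len - 1` is only meaningful for a non-empty value, so it presumably relies on the early `return( 0 );` shown as context just above it being a zero-length check; a short comment there, such as `/* bv_len > 0 here, so end points at the last byte */`, would make that dependency explicit. The added lines are also indented with spaces where the surrounding code uses tabs. Both functions begin and end outside the quoted hunks, so the zero-length guard cannot be confirmed from this page.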

Modified: openldap/trunk-2.3/debian/patches/series
===================================================================
--- openldap/trunk-2.3/debian/patches/series	2006-11-09 19:18:39 UTC (rev 727)
+++ openldap/trunk-2.3/debian/patches/series	2006-11-09 19:22:56 UTC (rev 728)
@@ -12,3 +12,4 @@
 disable-epoll-system-call -p0
 wrong-database-location -p0
 startup-memleak-fix -p0
+CVE-2006-5779 -p0



