[Pkg-openldap-devel] r728 - in openldap/trunk-2.3/debian: . patches
Matthijs Mohlmann
matthijs at alioth.debian.org
Thu Nov 9 20:22:57 CET 2006
Author: matthijs
Date: 2006-11-09 20:22:56 +0100 (Thu, 09 Nov 2006)
New Revision: 728
Added:
openldap/trunk-2.3/debian/patches/CVE-2006-5779
Modified:
openldap/trunk-2.3/debian/changelog
openldap/trunk-2.3/debian/patches/series
Log:
* Added patch to fix CVE-2006-5779
Modified: openldap/trunk-2.3/debian/changelog
===================================================================
--- openldap/trunk-2.3/debian/changelog 2006-11-09 19:18:39 UTC (rev 727)
+++ openldap/trunk-2.3/debian/changelog 2006-11-09 19:22:56 UTC (rev 728)
@@ -2,8 +2,10 @@
[ Matthijs Mohlmann ]
* LSB section added to the init script.
+ * Added patch to fix a Denial of Service through a certain combination of
+ LDAP BIND requests. (Fixes CVE-2006-5779) (Closes: #397673)
- -- Matthijs Mohlmann <matthijs at cacholong.nl> Thu, 9 Nov 2006 20:18:20 +0100
+ -- Matthijs Mohlmann <matthijs at cacholong.nl> Thu, 9 Nov 2006 20:22:22 +0100
openldap2.3 (2.3.27-1) unstable; urgency=low
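Review bot: The new changelog entry describes the fix only as a Denial of Service through LDAP BIND requests and does not say which code is touched, while the patch added in this revision changes both libraries/libldap/getdn.c and servers/slapd/connection.c. Naming the two files, or the functions changed, in the entry would help anyone who later has to trace which change addresses the crash.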
Added: openldap/trunk-2.3/debian/patches/CVE-2006-5779
===================================================================
--- openldap/trunk-2.3/debian/patches/CVE-2006-5779 2006-11-09 19:18:39 UTC (rev 727)
+++ openldap/trunk-2.3/debian/patches/CVE-2006-5779 2006-11-09 19:22:56 UTC (rev 728)
@@ -0,0 +1,46 @@
+Index: libraries/libldap/getdn.c
+===================================================================
+--- libraries/libldap/getdn.c.orig
++++ libraries/libldap/getdn.c
+@@ -2025,7 +2025,7 @@
+ strval2strlen( struct berval *val, unsigned flags, ber_len_t *len )
+ {
+ ber_len_t l, cl = 1;
+- char *p;
++ char *p, *end;
+ int escaped_byte_len = LDAP_DN_IS_PRETTY( flags ) ? 1 : 3;
+ #ifdef PRETTY_ESCAPE
+ int escaped_ascii_len = LDAP_DN_IS_PRETTY( flags ) ? 2 : 3;
+@@ -2039,7 +2039,8 @@
+ return( 0 );
+ }
+
+- for ( l = 0, p = val->bv_val; p < val->bv_val + val->bv_len; p += cl ) {
++ end = val->bv_val + val->bv_len - 1;
++ for ( l = 0, p = val->bv_val; p <= end; p += cl ) {
+
+ /*
+ * escape '%x00'
+@@ -2068,7 +2069,7 @@
+ } else if ( LDAP_DN_NEEDESCAPE( p[ 0 ] )
+ || LDAP_DN_SHOULDESCAPE( p[ 0 ] )
+ || ( p == val->bv_val && LDAP_DN_NEEDESCAPE_LEAD( p[ 0 ] ) )
+- || ( !p[ 1 ] && LDAP_DN_NEEDESCAPE_TRAIL( p[ 0 ] ) ) ) {
++ || ( p == end && LDAP_DN_NEEDESCAPE_TRAIL( p[ 0 ] ) ) ) {
+ #ifdef PRETTY_ESCAPE
+ #if 0
+ if ( LDAP_DN_WILLESCAPE_HEX( flags, p[ 0 ] ) ) {
+Index: servers/slapd/connection.c
+===================================================================
+--- servers/slapd/connection.c.orig
++++ servers/slapd/connection.c
+@@ -2008,7 +2008,8 @@
+ op->o_callback = cb->sc_next;
+
+ ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
+- op->o_conn->c_conn_state = SLAP_C_ACTIVE;
++ if ( op->o_cnn->c_conn_state == SLAP_C_BINDING )
++ op->o_conn->c_conn_state = SLAP_C_ACTIVE;
+ op->o_conn->c_sasl_bind_in_progress =
+ ( rs->sr_err == LDAP_SASL_BIND_IN_PROGRESS );
+
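Review bot: In the servers/slapd/connection.c part of this patch, the added condition reads "op->o_cnn->c_conn_state", while the assignment on the following line and the surrounding context all use "op->o_conn"; this looks like a typo for o_conn and would likely fail to build, so the line should read "if ( op->o_conn->c_conn_state == SLAP_C_BINDING )". Separately, in getdn.c the new "end = val->bv_val + val->bv_len - 1;" points one byte before the buffer when bv_len is 0; the context shows a "return( 0 );" just above the loop but not its condition, so it is worth confirming that the empty-value case returns there before end is computed.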
Modified: openldap/trunk-2.3/debian/patches/series
===================================================================
--- openldap/trunk-2.3/debian/patches/series 2006-11-09 19:18:39 UTC (rev 727)
+++ openldap/trunk-2.3/debian/patches/series 2006-11-09 19:22:56 UTC (rev 728)
@@ -12,3 +12,4 @@
disable-epoll-system-call -p0
wrong-database-location -p0
startup-memleak-fix -p0
+CVE-2006-5779 -p0