[Pkg-openldap-devel] [openldap] 08/09: fix deref crash with empty attr list (#776988)
Ryan Tandy
rtandy-guest at moszumanska.debian.org
Tue Apr 14 00:19:35 UTC 2015
This is an automated email from the git hooks/post-receive script.
rtandy-guest pushed a commit to branch squeeze
in repository openldap.
commit 3fc753e9d8461512b98b8eabcdd33ca5e362a484
Author: Ryan Tandy <ryan at nardis.ca>
Date: Wed Feb 4 08:29:05 2015 -0800
fix deref crash with empty attr list (#776988)
Cherry-picked from c26aed7.
Conflicts:
debian/changelog
debian/patches/series
---
debian/changelog | 3 +++
.../ITS8027-deref-reject-empty-attr-list.patch | 20 ++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 24 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 7555258..02701b9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,6 +11,9 @@ openldap (2.4.23-7.3+deb6u1) UNRELEASED; urgency=high
* debian/patches/ITS7723-fix-reference-counting.patch: Import upstream patch
to fix a crash in the rwm overlay when a search is immediately followed by
an unbind. (ITS#7723) (CVE-2013-4449) (Closes: #729367)
+ * debian/patches/ITS8027-deref-reject-empty-attr-list.patch: Import upstream
+ patch to fix a crash when a search includes the Deref control with an
+ empty attribute list. (ITS#8027) (CVE-2015-1545) (Closes: #776988)
-- Ryan Tandy <ryan at nardis.ca> Mon, 13 Apr 2015 08:53:26 -0700
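Review bot: the entry names ITS#8027 and CVE-2015-1545 but not the upstream commit being imported; since the patch file itself carries `commit c32e74763f77675b9e144126e375977ed6dc562c`, quoting that id here (or in a DEP-3 `Origin:` field in the patch) would make the backport traceable without opening the patch. The wording "fix a crash when a search includes the Deref control with an empty attribute list" matches what the code change does (reject an empty derefSpec attribute list), so no correction is needed there.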
diff --git a/debian/patches/ITS8027-deref-reject-empty-attr-list.patch b/debian/patches/ITS8027-deref-reject-empty-attr-list.patch
new file mode 100644
index 0000000..bc0c2ee
--- /dev/null
+++ b/debian/patches/ITS8027-deref-reject-empty-attr-list.patch
@@ -0,0 +1,20 @@
+commit c32e74763f77675b9e144126e375977ed6dc562c
+Author: Howard Chu <hyc at openldap.org>
+Date: Mon Jan 19 22:25:53 2015 +0000
+
+ ITS#8027 require non-empty AttributeList
+
+Index: openldap/servers/slapd/overlays/deref.c
+===================================================================
+--- openldap.orig/servers/slapd/overlays/deref.c 2015-02-05 12:46:45.420064048 +0100
++++ openldap/servers/slapd/overlays/deref.c 2015-02-05 12:46:45.412060048 +0100
+@@ -182,7 +182,8 @@
+ ber_len_t cnt = sizeof(struct berval);
+ ber_len_t off = 0;
+
+- if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR )
++ if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR
++ || !cnt )
+ {
+ rs->sr_text = "Dereference control: derefSpec decoding error";
+ rs->sr_err = LDAP_PROTOCOL_ERROR;
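Review bot: the added `|| !cnt` condition folds the empty-list case into the existing decoding-error branch, so a client that sends a syntactically valid derefSpec with zero attributes gets the text "Dereference control: derefSpec decoding error" rather than a message saying the attribute list must be non-empty; a separate `rs->sr_text` for the `!cnt` case would make the protocolError easier to diagnose on the client side, though returning LDAP_PROTOCOL_ERROR itself is the right outcome for a malformed control. Note also that `cnt` is initialised to `sizeof(struct berval)` as the element size for the `M` format and is overwritten with the element count by `ber_scanf` on success, which is why `!cnt` is only meaningful after the call and must stay on the right of the `||`. As a packaging point, the file has the upstream commit header but no DEP-3 fields (`Origin:`, `Bug-Debian:`), so the link to #776988 and CVE-2015-1545 lives only in the changelog.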
diff --git a/debian/patches/series b/debian/patches/series
index 7f7e9e3..0905471 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -19,3 +19,4 @@ CVE-2011-1024
CVE-2011-1025
CVE-2011-1081
ITS7723-fix-reference-counting.patch
+ITS8027-deref-reject-empty-attr-list.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-openldap/openldap.git