[Pkg-openldap-devel] [openldap] 02/02: fix deref crash with empty attr list (#776988)

Luca Bruno lucab at moszumanska.debian.org
Thu Feb 5 11:51:07 UTC 2015


This is an automated email from the git hooks/post-receive script.

lucab pushed a commit to branch wheezy
in repository openldap.

commit c26aed75a5dc8df30e8663769666c581141860fe
Author: Ryan Tandy <ryan at nardis.ca>
Date:   Wed Feb 4 08:29:05 2015 -0800

    fix deref crash with empty attr list (#776988)
    
    Conflicts:
    	debian/changelog
    	debian/patches/series
---
 debian/changelog                                     |  3 +++
 .../ITS8027-deref-reject-empty-attr-list.patch       | 20 ++++++++++++++++++++
 debian/patches/series                                |  1 +
 3 files changed, 24 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 09a0501..50e1abe 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,9 @@ openldap (2.4.31-2) UNRELEASED; urgency=high
   [ Ryan Tandy ]
   * debian/slapd.init.ldif: Disallow modifying one's own entry by default,
     except specific attributes. (Closes: #761406)
+  * debian/patches/ITS8027-deref-reject-empty-attr-list.patch: Import upstream 
+    patch to fix a crash when a search includes the Deref control with an 
+    empty attribute list. (ITS#8027) (Closes: #776988)
 
  -- Luca Bruno <lucab at debian.org>  Thu, 05 Feb 2015 12:40:58 +0100
 
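Review bot: The two added changelog lines ending in "Import upstream " and "Deref control with an " carry trailing whitespace, which should be stripped before upload. The entry cites ITS#8027 and #776988 but does not say whether the crash is reachable by a remote client; since the stanza is urgency=high, state that in the entry, and cite a CVE id there if one has been assigned, so the fix can be matched during security tracking.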
diff --git a/debian/patches/ITS8027-deref-reject-empty-attr-list.patch b/debian/patches/ITS8027-deref-reject-empty-attr-list.patch
new file mode 100644
index 0000000..bc0c2ee
--- /dev/null
+++ b/debian/patches/ITS8027-deref-reject-empty-attr-list.patch
@@ -0,0 +1,20 @@
+commit c32e74763f77675b9e144126e375977ed6dc562c
+Author: Howard Chu <hyc at openldap.org>
+Date:   Mon Jan 19 22:25:53 2015 +0000
+
+    ITS#8027 require non-empty AttributeList
+
+Index: openldap/servers/slapd/overlays/deref.c
+===================================================================
+--- openldap.orig/servers/slapd/overlays/deref.c	2015-02-05 12:46:45.420064048 +0100
++++ openldap/servers/slapd/overlays/deref.c	2015-02-05 12:46:45.412060048 +0100
+@@ -182,7 +182,8 @@
+ 		ber_len_t cnt = sizeof(struct berval);
+ 		ber_len_t off = 0;
+ 
+-		if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR )
++		if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR
++			|| !cnt )
+ 		{
+ 			rs->sr_text = "Dereference control: derefSpec decoding error";
+ 			rs->sr_err = LDAP_PROTOCOL_ERROR;
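Review bot: In the deref.c hunk, the new "|| !cnt" test only works if ber_scanf writes the decoded element count back into cnt, which is initialised to sizeof(struct berval) two lines earlier and passed as &cnt; a one-line comment on that in/out use would keep a later reader from taking the test for dead code. The empty-list case now shares the "derefSpec decoding error" text with a genuine decode failure, which makes the two hard to tell apart in logs, so a distinct sr_text for the empty AttributeList would help. The hunk also does not show the rest of the error branch, so please confirm that anything ber_scanf allocated on a successful decode is released when the branch is entered via !cnt. The patch header carries the upstream commit and ITS number but no reference to #776988; adding it would tie the file to the Debian bug.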
diff --git a/debian/patches/series b/debian/patches/series
index 25a9086..e7b7915 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -20,3 +20,4 @@ switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff
 no-bdb-ABI-second-guessing
 heimdal-fix
 bdb-deadlock.patch
+ITS8027-deref-reject-empty-attr-list.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-openldap/openldap.git


