[Pkg-openldap-devel] [openldap] 04/07: Import GnuTLS use-after-free patch (#820244)

Ryan Tandy rtandy-guest at moszumanska.debian.org
Fri Aug 11 02:05:46 UTC 2017


This is an automated email from the git hooks/post-receive script.

rtandy-guest pushed a commit to branch stretch
in repository openldap.

commit ce9313479bbaf4d48a89a3ea9312451772d13530
Author: Ryan Tandy <ryan at nardis.ca>
Date:   Tue Aug 8 18:32:57 2017 -0700

    Import GnuTLS use-after-free patch (#820244)
---
 debian/changelog                                   |  3 +
 .../ITS-8385-Fix-use-after-free-with-GnuTLS.patch  | 77 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 81 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index b0b2e34..b93238c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,9 @@ openldap (2.4.44+dfsg-5+deb9u1) UNRELEASED; urgency=medium
   * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until 
     the underlying kernel bug #866122 is fixed.
   * Fix upgrade failure when olcSuffix contains a backslash. (Closes: #864719)
+  * Import upstream patch to avoid reading the value of the 
+    LDAP_OPT_X_TLS_REQUIRE_CERT option from previously freed memory. 
+    (ITS#8385) (Closes: #820244)
 
  -- Ryan Tandy <ryan at nardis.ca>  Tue, 08 Aug 2017 18:19:08 -0700
 
diff --git a/debian/patches/ITS-8385-Fix-use-after-free-with-GnuTLS.patch b/debian/patches/ITS-8385-Fix-use-after-free-with-GnuTLS.patch
new file mode 100644
index 0000000..081076d
--- /dev/null
+++ b/debian/patches/ITS-8385-Fix-use-after-free-with-GnuTLS.patch
@@ -0,0 +1,77 @@
+From 283f3ae1713df449cc170965b311b19157f7b7ea Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc at openldap.org>
+Date: Sat, 12 Mar 2016 11:03:29 +0000
+Subject: [PATCH] ITS#8385 Fix use-after-free with GnuTLS
+
+---
+ libraries/libldap/tls_g.c | 18 ++++++++++--------
+ 1 file changed, 10 insertions(+), 8 deletions(-)
+
+--- a/libraries/libldap/tls_g.c
++++ b/libraries/libldap/tls_g.c
+@@ -47,11 +47,11 @@
+ #define DH_BITS	(1024)
+ 
+ typedef struct tlsg_ctx {
+-	struct ldapoptions *lo;
+ 	gnutls_certificate_credentials_t cred;
+ 	gnutls_dh_params_t dh_params;
+ 	unsigned long verify_depth;
+ 	int refcount;
++	int reqcert;
+ 	gnutls_priority_t prios;
+ #ifdef LDAP_R_COMPILE
+ 	ldap_pvt_thread_mutex_t ref_mutex;
+@@ -143,7 +143,6 @@
+ 
+ 	ctx = ber_memcalloc ( 1, sizeof (*ctx) );
+ 	if ( ctx ) {
+-		ctx->lo = lo;
+ 		if ( gnutls_certificate_allocate_credentials( &ctx->cred )) {
+ 			ber_memfree( ctx );
+ 			return NULL;
+@@ -316,6 +315,9 @@
+ 		gnutls_dh_params_init(&ctx->dh_params);
+ 		gnutls_dh_params_generate2(ctx->dh_params, DH_BITS);
+ 	}
++
++	ctx->reqcert = lo->ldo_tls_require_cert;
++
+ 	return 0;
+ }
+ 
+@@ -337,10 +339,10 @@
+ 	
+ 	if ( is_server ) {
+ 		int flag = 0;
+-		if ( c->lo->ldo_tls_require_cert ) {
++		if ( c->reqcert ) {
+ 			flag = GNUTLS_CERT_REQUEST;
+-			if ( c->lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_DEMAND ||
+-				c->lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_HARD )
++			if ( c->reqcert == LDAP_OPT_X_TLS_DEMAND ||
++				c->reqcert == LDAP_OPT_X_TLS_HARD )
+ 				flag = GNUTLS_CERT_REQUIRE;
+ 			gnutls_certificate_server_set_request( session->session, flag );
+ 		}
+@@ -355,17 +357,17 @@
+ 	int rc;
+ 
+ 	rc = gnutls_handshake( s->session );
+-	if ( rc == 0 && s->ctx->lo->ldo_tls_require_cert != LDAP_OPT_X_TLS_NEVER ) {
++	if ( rc == 0 && s->ctx->reqcert != LDAP_OPT_X_TLS_NEVER ) {
+ 		const gnutls_datum_t *peer_cert_list;
+ 		unsigned int list_size;
+ 
+ 		peer_cert_list = gnutls_certificate_get_peers( s->session, 
+ 						&list_size );
+-		if ( !peer_cert_list && s->ctx->lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_TRY ) 
++		if ( !peer_cert_list && s->ctx->reqcert == LDAP_OPT_X_TLS_TRY )
+ 			rc = 0;
+ 		else {
+ 			rc = tlsg_cert_verify( s );
+-			if ( rc && s->ctx->lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_ALLOW )
++			if ( rc && s->ctx->reqcert == LDAP_OPT_X_TLS_ALLOW )
+ 				rc = 0;
+ 		}
+ 	}
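Review bot: `ctx->reqcert` is assigned only on the success path of the init function, immediately before `return 0;` in the inner hunk at `@@ -316,6 +315,9 @@`, so any earlier error return in that function leaves the field at the zero written by `ber_memcalloc`. The handshake check `s->ctx->reqcert != LDAP_OPT_X_TLS_NEVER` would then skip peer verification if `LDAP_OPT_X_TLS_NEVER` is 0, which I believe is its value in ldap.h; whether a context can still be used after a failed init is not visible here. Moving `ctx->reqcert = lo->ldo_tls_require_cert;` to the top of that function, before the first call that can fail, removes the reliance on callers discarding a failed context. The new field also deserves a comment such as `/* snapshot of lo->ldo_tls_require_cert taken at init; later option changes need a new context */`, because the value was previously read live through `lo`. The functions touched by these inner hunks all begin outside the visible lines.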
diff --git a/debian/patches/series b/debian/patches/series
index c098154..7eaa68c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -27,3 +27,4 @@ set-maintainer-name
 ITS-8554-kFreeBSD-is-like-BSD.patch
 ITS-8644-wait-for-slapd-to-start-in-test064.patch
 ITS-8655-paged-results-double-free.patch
+ITS-8385-Fix-use-after-free-with-GnuTLS.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-openldap/openldap.git


