diff options
| author | Xin LI <delphij@FreeBSD.org> | 2015-02-06 22:18:15 +0000 |
|---|---|---|
| committer | Xin LI <delphij@FreeBSD.org> | 2015-02-06 22:18:15 +0000 |
| commit | 169ea456f7f7aa82ae32dae084139d1c819f10bd (patch) | |
| tree | a7dd868392ff43f473a1d090c37473288110d407 /net | |
| parent | Update to version 0.6.1.1 (diff) | |
Apply two upstream patches to address two remote DoS issues:
- ITS8027: crash when a search includes the Deref control with an
empty attribute list.
- ITS8046: double free and crash by certain search queries using
the Matched Values control.
MFH: 2015Q1
Notes
Notes:
svn path=/head/; revision=378558
Diffstat (limited to 'net')
| -rw-r--r-- | net/openldap24-server/Makefile | 2 | ||||
| -rw-r--r-- | net/openldap24-server/files/patch-ITS8027 | 26 | ||||
| -rw-r--r-- | net/openldap24-server/files/patch-ITS8046 | 34 |
3 files changed, 61 insertions, 1 deletions
diff --git a/net/openldap24-server/Makefile b/net/openldap24-server/Makefile index 262cb0e48915..b3dd18a544e7 100644 --- a/net/openldap24-server/Makefile +++ b/net/openldap24-server/Makefile @@ -59,7 +59,7 @@ BROKEN= incompatible OpenLDAP version: ${WANT_OPENLDAP_VER} .endif PORTREVISION_CLIENT= 1 -PORTREVISION_SERVER= 2 +PORTREVISION_SERVER= 3 OPENLDAP_SHLIB_MAJOR= 2 OPENLDAP_SHLIB_MINOR= 10.3 OPENLDAP_MAJOR= ${DISTVERSION:R} diff --git a/net/openldap24-server/files/patch-ITS8027 b/net/openldap24-server/files/patch-ITS8027 new file mode 100644 index 000000000000..2136137b28cb --- /dev/null +++ b/net/openldap24-server/files/patch-ITS8027 @@ -0,0 +1,26 @@ +From c32e74763f77675b9e144126e375977ed6dc562c Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Mon, 19 Jan 2015 22:25:53 +0000 +Subject: [PATCH] ITS#8027 require non-empty AttributeList + +--- + servers/slapd/overlays/deref.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git servers/slapd/overlays/deref.c servers/slapd/overlays/deref.c +index 9420e3e..05aa890 100644 +--- servers/slapd/overlays/deref.c ++++ servers/slapd/overlays/deref.c +@@ -183,7 +183,8 @@ deref_parseCtrl ( + ber_len_t cnt = sizeof(struct berval); + ber_len_t off = 0; + +- if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR ) ++ if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR ++ || !cnt ) + { + rs->sr_text = "Dereference control: derefSpec decoding error"; + rs->sr_err = LDAP_PROTOCOL_ERROR; +-- +1.7.10.4 + diff --git a/net/openldap24-server/files/patch-ITS8046 b/net/openldap24-server/files/patch-ITS8046 new file mode 100644 index 000000000000..eee2145f6fae --- /dev/null +++ b/net/openldap24-server/files/patch-ITS8046 @@ -0,0 +1,34 @@ +From 2f1a2dd329b91afe561cd06b872d09630d4edb6a Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Wed, 4 Feb 2015 02:03:55 +0000 +Subject: [PATCH] ITS#8046 fix vrFilter_free + +--- + servers/slapd/filter.c | 10 +++------- + 1 file changed, 3 insertions(+), 7 deletions(-) + +diff --git servers/slapd/filter.c servers/slapd/filter.c +index b859f73..22c81c8 100644 +--- servers/slapd/filter.c ++++ servers/slapd/filter.c +@@ -1158,14 +1158,10 @@ get_vrFilter( Operation *op, BerElement *ber, + void + vrFilter_free( Operation *op, ValuesReturnFilter *vrf ) + { +- ValuesReturnFilter *p, *next; ++ ValuesReturnFilter *next; + +- if ( vrf == NULL ) { +- return; +- } +- +- for ( p = vrf; p != NULL; p = next ) { +- next = p->vrf_next; ++ for ( ; vrf != NULL; vrf = next ) { ++ next = vrf->vrf_next; + + switch ( vrf->vrf_choice & SLAPD_FILTER_MASK ) { + case LDAP_FILTER_PRESENT: +-- +1.7.10.4 + |