diff options
-rw-r--r-- | main/openldap/APKBUILD | 4 | ||||
-rw-r--r-- | main/openldap/cve-2011-4079.patch | 55 |
2 files changed, 58 insertions, 1 deletions
diff --git a/main/openldap/APKBUILD b/main/openldap/APKBUILD index 1e4410ce51..cb50dd92e6 100644 --- a/main/openldap/APKBUILD +++ b/main/openldap/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=openldap pkgver=2.4.26 -pkgrel=2 +pkgrel=3 pkgdesc="LDAP Server" url="http://www.openldap.org/" arch="all" @@ -17,6 +17,7 @@ install="$pkgname.pre-install $pkgname.post-install" source="ftp://ftp.$pkgname.org/pub/OpenLDAP/$pkgname-release/$pkgname-$pkgver.tgz openldap-2.4-ppolicy.patch openldap-2.4.11-libldap_r.patch + cve-2011-4079.patch slapd.initd slapd.confd slurpd.initd @@ -113,6 +114,7 @@ monitor() { _backend monitor; } md5sums="f36f3086031dd56ae94f722ffae8df5e openldap-2.4.26.tgz 2524e490ba334a760fa57057c16da7a9 openldap-2.4-ppolicy.patch d19d0502f046078ecd737e29e7552fa8 openldap-2.4.11-libldap_r.patch +967d86fbfdbf9054b722f23323751fc9 cve-2011-4079.patch a729bf553d12b4a9fbda0ff5202a0443 slapd.initd b672311fca605c398240cd37a2ae080a slapd.confd fa5ce0005ef5f1160b6ff126f97aaa1a slurpd.initd" diff --git a/main/openldap/cve-2011-4079.patch b/main/openldap/cve-2011-4079.patch new file mode 100644 index 0000000000..94a453d9c6 --- /dev/null +++ b/main/openldap/cve-2011-4079.patch @@ -0,0 +1,55 @@ +one-byte buffer overflow in slapd + +Resolves: #749324 (CVE-2011-4079) +Upstream ITS: #7059 +Upstream commits: d0dd861 5072387 +Author: Howard Chu <hyc@openldap.org> + +diff -u +--- a/servers/slapd/schema_init.c ++++ b/servers/slapd/schema_init.c +@@ -1852,12 +1852,12 @@ UTF8StringNormalize( + } + nvalue.bv_val[nvalue.bv_len] = '\0'; + +- } else { ++ } else if ( tmp.bv_len ) { + /* string of all spaces is treated as one space */ + nvalue.bv_val[0] = ' '; + nvalue.bv_val[1] = '\0'; + nvalue.bv_len = 1; +- } ++ } /* should never be entered with 0-length val */ + + *normalized = nvalue; + return LDAP_SUCCESS; +@@ -2331,13 +2331,18 @@ postalAddressNormalize( + } + lines[l].bv_len = &val->bv_val[c] - lines[l].bv_val; + +- normalized->bv_len = l; ++ normalized->bv_len = c = l; + +- for ( l = 0; !BER_BVISNULL( &lines[l] ); l++ ) { ++ for ( l = 0; l <= c; l++ ) { + /* NOTE: we directly normalize each line, + * without unescaping the values, since the special + * values '\24' ('$') and '\5C' ('\') are not affected + * by normalization */ ++ if ( !lines[l].bv_len ) { ++ nlines[l].bv_len = 0; ++ nlines[l].bv_val = NULL; ++ continue; ++ } + rc = UTF8StringNormalize( usage, NULL, xmr, &lines[l], &nlines[l], ctx ); + if ( rc != LDAP_SUCCESS ) { + rc = LDAP_INVALID_SYNTAX; +@@ -2350,7 +2355,7 @@ postalAddressNormalize( + normalized->bv_val = slap_sl_malloc( normalized->bv_len + 1, ctx ); + + p = normalized->bv_val; +- for ( l = 0; !BER_BVISNULL( &nlines[l] ); l++ ) { ++ for ( l = 0; l <= c ; l++ ) { + p = lutil_strbvcopy( p, &nlines[l] ); + *p++ = '$'; + } |