mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-16 04:17:25 +00:00
openldap: Fix CVE-2023-2953
Upstream-Status: Backport [https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce & https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b] Signed-off-by: Ashish Sharma <asharma@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
committed by
Armin Kuster
parent
5adcef0348
commit
7a87a24786
@@ -0,0 +1,30 @@
|
|||||||
|
From ea8dd2d279c5aeaf9d4672a4e95bebd99babcce1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Howard Chu <hyc@openldap.org>
|
||||||
|
Date: Wed, 24 Aug 2022 14:40:51 +0100
|
||||||
|
Subject: [PATCH] ITS#9904 ldif_open_url: check for ber_strdup failure
|
||||||
|
|
||||||
|
Code present since 1999, df8f7cbb9b79be3be9205d116d1dd0b263d6861a
|
||||||
|
|
||||||
|
Upstream-Status: Backport [https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce]
|
||||||
|
CVE: CVE-2023-2953
|
||||||
|
Signed-off-by: Ashish Sharma <asharma@mvista.com>
|
||||||
|
---
|
||||||
|
libraries/libldap/fetch.c | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/libraries/libldap/fetch.c b/libraries/libldap/fetch.c
|
||||||
|
index 9e426dc647..536871bcfe 100644
|
||||||
|
--- a/libraries/libldap/fetch.c
|
||||||
|
+++ b/libraries/libldap/fetch.c
|
||||||
|
@@ -69,6 +69,8 @@ ldif_open_url(
|
||||||
|
}
|
||||||
|
|
||||||
|
p = ber_strdup( urlstr );
|
||||||
|
+ if ( p == NULL )
|
||||||
|
+ return NULL;
|
||||||
|
|
||||||
|
/* But we should convert to LDAP_DIRSEP before use */
|
||||||
|
if ( LDAP_DIRSEP[0] != '/' ) {
|
||||||
|
--
|
||||||
|
GitLab
|
||||||
|
|
||||||
@@ -0,0 +1,76 @@
|
|||||||
|
From 3f2abd0b2eeec8522e50d5c4ea4992e70e8f9915 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Howard Chu <hyc@openldap.org>
|
||||||
|
Date: Thu, 25 Aug 2022 16:13:21 +0100
|
||||||
|
Subject: [PATCH] ITS#9904 ldap_url_parsehosts: check for strdup failure
|
||||||
|
|
||||||
|
Avoid unnecessary strdup in IPv6 addr parsing, check for strdup
|
||||||
|
failure when dup'ing scheme.
|
||||||
|
|
||||||
|
Code present since 2000, 8da110a9e726dbc612b302feafe0109271e6bc59
|
||||||
|
|
||||||
|
Upstream-Status: Backport [https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b]
|
||||||
|
CVE: CVE-2023-2953
|
||||||
|
Signed-off-by: Ashish Sharma <asharma@mvista.com>
|
||||||
|
---
|
||||||
|
libraries/libldap/url.c | 21 ++++++++++++---------
|
||||||
|
1 file changed, 12 insertions(+), 9 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libraries/libldap/url.c b/libraries/libldap/url.c
|
||||||
|
index 7e56564265..8df0abd044 100644
|
||||||
|
--- a/libraries/libldap/url.c
|
||||||
|
+++ b/libraries/libldap/url.c
|
||||||
|
@@ -1386,24 +1386,22 @@ ldap_url_parsehosts(
|
||||||
|
}
|
||||||
|
ludp->lud_port = port;
|
||||||
|
ludp->lud_host = specs[i];
|
||||||
|
- specs[i] = NULL;
|
||||||
|
p = strchr(ludp->lud_host, ':');
|
||||||
|
if (p != NULL) {
|
||||||
|
/* more than one :, IPv6 address */
|
||||||
|
if ( strchr(p+1, ':') != NULL ) {
|
||||||
|
/* allow [address] and [address]:port */
|
||||||
|
if ( *ludp->lud_host == '[' ) {
|
||||||
|
- p = LDAP_STRDUP(ludp->lud_host+1);
|
||||||
|
- /* copied, make sure we free source later */
|
||||||
|
- specs[i] = ludp->lud_host;
|
||||||
|
- ludp->lud_host = p;
|
||||||
|
- p = strchr( ludp->lud_host, ']' );
|
||||||
|
+ p = strchr( ludp->lud_host+1, ']' );
|
||||||
|
if ( p == NULL ) {
|
||||||
|
LDAP_FREE(ludp);
|
||||||
|
ldap_charray_free(specs);
|
||||||
|
return LDAP_PARAM_ERROR;
|
||||||
|
}
|
||||||
|
- *p++ = '\0';
|
||||||
|
+ /* Truncate trailing ']' and shift hostname down 1 char */
|
||||||
|
+ *p = '\0';
|
||||||
|
+ AC_MEMCPY( ludp->lud_host, ludp->lud_host+1, p - ludp->lud_host );
|
||||||
|
+ p++;
|
||||||
|
if ( *p != ':' ) {
|
||||||
|
if ( *p != '\0' ) {
|
||||||
|
LDAP_FREE(ludp);
|
||||||
|
@@ -1429,14 +1427,19 @@ ldap_url_parsehosts(
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
- ldap_pvt_hex_unescape(ludp->lud_host);
|
||||||
|
ludp->lud_scheme = LDAP_STRDUP("ldap");
|
||||||
|
+ if ( ludp->lud_scheme == NULL ) {
|
||||||
|
+ LDAP_FREE(ludp);
|
||||||
|
+ ldap_charray_free(specs);
|
||||||
|
+ return LDAP_NO_MEMORY;
|
||||||
|
+ }
|
||||||
|
+ specs[i] = NULL;
|
||||||
|
+ ldap_pvt_hex_unescape(ludp->lud_host);
|
||||||
|
ludp->lud_next = *ludlist;
|
||||||
|
*ludlist = ludp;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* this should be an array of NULLs now */
|
||||||
|
- /* except entries starting with [ */
|
||||||
|
ldap_charray_free(specs);
|
||||||
|
return LDAP_SUCCESS;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
GitLab
|
||||||
|
|
||||||
@@ -23,6 +23,8 @@ SRC_URI = "http://www.openldap.org/software/download/OpenLDAP/openldap-release/$
|
|||||||
file://0001-build-top.mk-unset-STRIP_OPTS.patch \
|
file://0001-build-top.mk-unset-STRIP_OPTS.patch \
|
||||||
file://0001-libraries-Makefile.in-ignore-the-mkdir-errors.patch \
|
file://0001-libraries-Makefile.in-ignore-the-mkdir-errors.patch \
|
||||||
file://0001-librewrite-include-ldap_pvt_thread.h-before-redefini.patch \
|
file://0001-librewrite-include-ldap_pvt_thread.h-before-redefini.patch \
|
||||||
|
file://CVE-2023-2953-1.patch \
|
||||||
|
file://CVE-2023-2953-2.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
SRC_URI[sha256sum] = "d5086cbfc49597fa7d0670a429a9054552d441b16ee8b2435412797ab0e37b96"
|
SRC_URI[sha256sum] = "d5086cbfc49597fa7d0670a429a9054552d441b16ee8b2435412797ab0e37b96"
|
||||||
|
|||||||
Reference in New Issue
Block a user