From c306a0a67258425f65dc9dd4a7da841878536f20 Mon Sep 17 00:00:00 2001 From: yixiangzhike Date: Thu, 24 Oct 2024 16:27:14 +0800 Subject: [PATCH] Fix NULL pointer deref on memory allocation failure --- ...r-deref-on-memory-allocation-failure.patch | 46 +++++++++++++++++++ nss-pam-ldapd.spec | 9 +++- 2 files changed, 54 insertions(+), 1 deletion(-) create mode 100644 backport-Fix-NULL-pointer-deref-on-memory-allocation-failure.patch diff --git a/backport-Fix-NULL-pointer-deref-on-memory-allocation-failure.patch b/backport-Fix-NULL-pointer-deref-on-memory-allocation-failure.patch new file mode 100644 index 0000000..6421d43 --- /dev/null +++ b/backport-Fix-NULL-pointer-deref-on-memory-allocation-failure.patch @@ -0,0 +1,46 @@ +From 91bb8c995f977d289077e6a6dceff74f4aed60b6 Mon Sep 17 00:00:00 2001 +From: Arthur de Jong +Date: Tue, 27 Aug 2024 21:20:29 +0200 +Subject: [PATCH] Fix NULL pointer deref on memory allocation failure + +This fixes a NULL pointer dereference when a call to malloc() failed. + +Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/70 +--- + nslcd/passwd.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/nslcd/passwd.c b/nslcd/passwd.c +index a4e2678..59b21d0 100644 +--- a/nslcd/passwd.c ++++ b/nslcd/passwd.c +@@ -5,7 +5,7 @@ + + Copyright (C) 1997-2005 Luke Howard + Copyright (C) 2006 West Consulting +- Copyright (C) 2006-2017 Arthur de Jong ++ Copyright (C) 2006-2024 Arthur de Jong + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public +@@ -293,8 +293,16 @@ char *dn2uid(MYLDAP_SESSION *session, const char *dn, char *buf, size_t buflen) + /* see if we have a cached entry */ + pthread_mutex_lock(&dn2uid_cache_mutex); + if (dn2uid_cache == NULL) ++ { + dn2uid_cache = dict_new(); +- if ((dn2uid_cache != NULL) && ((cacheentry = dict_get(dn2uid_cache, dn)) != NULL)) ++ if (dn2uid_cache == NULL) ++ { ++ log_log(LOG_ERR, "dict_new() failed to allocate memory"); ++ pthread_mutex_unlock(&dn2uid_cache_mutex); ++ return NULL; ++ } ++ } ++ if ((cacheentry = dict_get(dn2uid_cache, dn)) != NULL) + { + if ((cacheentry->uid != NULL) && (strlen(cacheentry->uid) < buflen)) + { +-- +2.33.0 + diff --git a/nss-pam-ldapd.spec b/nss-pam-ldapd.spec index a541c14..0356693 100644 --- a/nss-pam-ldapd.spec +++ b/nss-pam-ldapd.spec @@ -2,7 +2,7 @@ Name: nss-pam-ldapd Version: 0.9.12 -Release: 4 +Release: 5 Summary: NSS and PAM libraries for name lookups and authentication using LDAP License: LGPLv2+ URL: http://arthurdejong.org/nss-pam-ldapd/ @@ -15,6 +15,7 @@ Patch0: 0001-Disable-pylint-tests.patch Patch1: 0002-Watch-for-uint32_t-overflows.patch Patch2: backport-Fix-off-by-one-error-in-closing-file-descriptors.patch Patch3: backport-Fix-memory-leak-in-config-parsing.patch +Patch4: backport-Fix-NULL-pointer-deref-on-memory-allocation-failure.patch BuildRequires: gcc, openldap-devel, krb5-devel, autoconf, automake, pam-devel, systemd-units %{?systemd_requires} @@ -102,6 +103,12 @@ getent passwd nslcd > /dev/null || \ %{_mandir}/*/* %changelog +* Thu Oct 24 2024 yixiangzhike - 0.9.12-5 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:Fix NULL pointer deref on memory allocation failure + * Wed Oct 09 2024 yixiangzhike - 0.9.12-4 - Type:bugfix - CVE:NA -- Gitee