From cb2a489891e7af87e3278805926ceae3b7773878 Mon Sep 17 00:00:00 2001
From: guoxiaoqi <guoxiaoqi2@huawei.com>
Date: Mon, 14 Dec 2020 14:46:45 +0800
Subject: [PATCH] fix CVE-2020-25692

---
 CVE-2020-25692.patch | 29 +++++++++++++++++++++++++++++
 openldap.spec        | 10 +++++++++-
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2020-25692.patch

diff --git a/CVE-2020-25692.patch b/CVE-2020-25692.patch
new file mode 100644
index 0000000..b3b489b
--- /dev/null
+++ b/CVE-2020-25692.patch
@@ -0,0 +1,29 @@
+From 4c774220a752bf8e3284984890dc0931fe73165d Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Mon, 19 Oct 2020 14:03:41 +0100
+Subject: [PATCH] ITS#9370 check for equality rule on old_rdn
+
+Just skip normalization if there's no equality rule. We accept
+DNs without equality rules already.
+
+Signed-off-by: guoxiaoqi <guoxiaoqi2@huawei.com>
+---
+ servers/slapd/modrdn.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c
+index c73dd8d..a229755 100644
+--- a/servers/slapd/modrdn.c
++++ b/servers/slapd/modrdn.c
+@@ -505,7 +505,7 @@ slap_modrdn2mods(
+ 			mod_tmp->sml_values = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) );
+ 			ber_dupbv( &mod_tmp->sml_values[0], &old_rdn[d_cnt]->la_value );
+ 			mod_tmp->sml_values[1].bv_val = NULL;
+-			if( desc->ad_type->sat_equality->smr_normalize) {
++			if( desc->ad_type->sat_equality && desc->ad_type->sat_equality->smr_normalize) {
+ 				mod_tmp->sml_nvalues = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) );
+ 				(void) (*desc->ad_type->sat_equality->smr_normalize)(
+ 					SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+-- 
+1.8.3.1
+
diff --git a/openldap.spec b/openldap.spec
index ab6ae7b..b456664 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -2,7 +2,7 @@
 
 Name:           openldap
 Version:        2.4.50
-Release:        1
+Release:        2
 Summary:        LDAP support libraries
 License:        OpenLDAP
 URL:            https://www.openldap.org/
@@ -43,6 +43,7 @@ Patch22:        bugfix-openldap-ITS9160-OOM-Handing.patch
 Patch23:        bugfix-openldap-fix-implicit-function-declaration.patch
 Patch24:        bugfix-openldap-ITS-8650-Fix-Debug-usage-to-follow-RE24-format.patch
 Patch25:        CVE-2020-15719.patch
+Patch26:	CVE-2020-25692.patch
 
 BuildRequires:  cyrus-sasl-devel openssl-devel krb5-devel unixODBC-devel chrpath
 BuildRequires:  glibc-devel libtool libtool-ltdl-devel groff perl-interpreter perl-devel perl-generators perl-ExtUtils-Embed
@@ -133,6 +134,7 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi
 %patch23 -p1
 %patch24 -p1
 %patch25 -p1
+%patch26 -p1
 
 ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
 mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd
@@ -418,6 +420,12 @@ popd
 %doc ltb-project-openldap-ppolicy-check-password-1.1/README.check_pwd
 
 %changelog
+* Mon Dec 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.4.50-2
+- Type:cves
+- ID:CVE-2020-25692
+- SUG:restart
+- DESC:fix CVE-2020-25692
+
 * Tue Aug 25 2020 lunankun<lunankun@huawei.com> - 2.4.50-1
 - Type:requirement
 - ID:NA
-- 
Gitee