From 333772b6079d37adf4ee1c0accf42c166c28712a Mon Sep 17 00:00:00 2001
From: orange-snn
Date: Sat, 27 Feb 2021 10:17:59 +0800
Subject: [PATCH] bugfix CVE-2021-27212
---
 CVE-2021-27212.patch | 28 ++++++++++++++++++++++++++++
 openldap.spec | 7 ++++++-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2021-27212.patch
diff --git a/CVE-2021-27212.patch b/CVE-2021-27212.patch
new file mode 100644
index 0000000..663cae6
--- /dev/null
+++ b/CVE-2021-27212.patch
@@ -0,0 +1,28 @@
+From 3539fc33212b528c56b716584f2c2994af7c30b0 Mon Sep 17 00:00:00 2001
+From: Howard Chu
+Date: Sat, 6 Feb 2021 20:52:06 +0000
+Subject: [PATCH] ITS#9454 fix issuerAndThisUpdateCheck
+
+Reference:https://git.openldap.org/openldap/openldap/-/commit/3539fc33212b528c56b716584f2c2994af7c30b0
+
+---
+ servers/slapd/schema_init.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
+index 466899625..914df70eb 100644
+--- a/servers/slapd/schema_init.c
++++ b/servers/slapd/schema_init.c
+@@ -3975,6 +3975,8 @@ issuerAndThisUpdateCheck(
+ break;
+ }
+ }
++ if ( tu->bv_len < STRLENOF("YYYYmmddHHmmssZ") ) return LDAP_INVALID_SYNTAX;
++
+ x.bv_val += tu->bv_len + 1;
+ x.bv_len -= tu->bv_len + 1;
+
+
+--
+GitLab
+
diff --git a/openldap.spec b/openldap.spec
index de7324c..6fd22c8 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -2,7 +2,7 @@ Name: openldap Version: 2.4.50 -Release: 6 +Release: 7 Summary: LDAP support libraries License: OpenLDAP URL: https://www.openldap.org/
@@ -61,6 +61,7 @@ Patch40: backport-delete-back-bdb-back-hdb.patch Patch41: backport-Fix-test-suite.patch Patch42: backport-ITS-9010-regenerate-configure.patch Patch43: backport-ITS-9010-More-BDB-HDB-cleanup.patch +Patch44: CVE-2021-27212.patch BuildRequires: cyrus-sasl-devel openssl-devel krb5-devel unixODBC-devel
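Review bot: In the nested servers/slapd/schema_init.c hunk, the new guard in issuerAndThisUpdateCheck only enforces a lower bound on `tu->bv_len`, so the `x.bv_len -= tu->bv_len + 1;` two lines below it is still not checked against the remaining length in the lines shown. If what appears to be a scan loop ending just above the guard can reach the end of the buffer without hitting its `break` (its condition is outside the hunk), that subtraction would go below zero and, assuming the length field is unsigned, wrap to a very large value that later parsing would trust. It is worth confirming that case is rejected earlier, or adding an upper-bound check next to the new one, for example `if ( tu->bv_len >= x.bv_len ) return LDAP_INVALID_SYNTAX;`. The function body starts and ends outside the hunk, so this is inferred from the visible lines only.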
@@ -170,6 +171,7 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi %patch41 -p1 %patch42 -p1 %patch43 -p1 +%patch44 -p1 ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd
@@ -449,6 +451,9 @@ popd %doc ltb-project-openldap-ppolicy-check-password-1.1/README.check_pwd %changelog +* Sat Feb 27 2021 orange-snn - 2.4.50-7 +- fix CVE-2021-27212 + * Thu Feb 25 2021 orange-snn - 2.4.50-6 - remove libdb-devel in buildrequires and requires.
--
Gitee