From 8e0d5d6fdacafd905c52588aa59edd94abd3bf33 Mon Sep 17 00:00:00 2001 From: orange-snn Date: Fri, 21 Feb 2020 17:48:15 +0800 Subject: [PATCH] add make check --- 0001-openldap-bugfix-make-test.patch | 95 +++++++ CVE-2017-17740.patch | 372 --------------------------- openldap.spec | 15 +- 3 files changed, 108 insertions(+), 374 deletions(-) create mode 100644 0001-openldap-bugfix-make-test.patch delete mode 100644 CVE-2017-17740.patch diff --git a/0001-openldap-bugfix-make-test.patch b/0001-openldap-bugfix-make-test.patch new file mode 100644 index 0000000..2911bfc --- /dev/null +++ b/0001-openldap-bugfix-make-test.patch @@ -0,0 +1,95 @@ +From c88b4c85db310ecd0f2f5bb02478cc56f5590d53 Mon Sep 17 00:00:00 2001 +From: Quanah Gibson-Mount +Date: Wed, 3 Oct 2018 20:28:54 +0000 +Subject: [PATCH] Update test044 to catch ITS#8923 + +DTS/AR: +reason: +--- + openldap-2.4.46/tests/scripts/test044-dynlist | 30 +++++++++++++++++++++++++++ + openldap-2.4.46/tests/scripts/defines.sh | 1 + + openldap-2.4.46/tests/scripts/test044-dynlist | 8 ++++---- + 3 file changed, 35 insertions(+), 4 deletions(-) + +diff --git a/tests/scripts/test044-dynlist b/tests/scripts/test044-dynlist +index 07b65c5..4c6390e 100755 +--- a/tests/scripts/test044-dynlist ++++ b/tests/scripts/test044-dynlist +@@ -468,6 +468,36 @@ case $RC in + esac + echo "" >> $SEARCHOUT + ++CMPDN="$BADBJORNSDN" ++echo "Testing list compare (should return FALSE)..." ++echo "# Testing list compare... (should return FALSE)" >> $SEARCHOUT ++$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \ ++ "cn=Dynamic List of Members,$LISTDN" "member:$CMPDN" \ ++ >> $SEARCHOUT 2>&1 ++RC=$? ++case $RC in ++5) ++ echo "ldapcompare returned FALSE ($RC)" ++ ;; ++6) ++ echo "ldapcompare returned TRUE ($RC)!" ++ test $KILLSERVERS != no && kill -HUP $KILLPIDS ++ exit $RC ++ ;; ++0) ++ echo "ldapcompare returned success ($RC)!" ++ test $KILLSERVERS != no && kill -HUP $KILLPIDS ++ exit -1 ++ ;; ++*) ++ echo "ldapcompare failed ($RC)!" ++ test $KILLSERVERS != no && kill -HUP $KILLPIDS ++ exit $RC ++ ;; ++esac ++echo "" >> $SEARCHOUT ++ ++ + CMPDN="$BJORNSDN" + echo "Testing list compare (should return FALSE)..." + echo "# Testing list compare (should return FALSE)..." >> $SEARCHOUT + + +diff --git a/openldap-2.4.46/tests/scripts/defines.sh b/openldap-2.4.46/tests/scripts/defines.sh +index 97cf08f..7d62023 100755 +--- a/tests/scripts/defines.sh ++++ b/tests/scripts/defines.sh +@@ -261,6 +261,7 @@ UPDATEDN="cn=Replica,$BASEDN" + PASSWD=secret + BABSDN="cn=Barbara Jensen,ou=Information Technology DivisioN,ou=People,$BASEDN" + BJORNSDN="cn=Bjorn Jensen,ou=Information Technology DivisioN,ou=People,$BASEDN" ++BADBJORNSDN="cn=Bjorn JensenNotReally,ou=Information Technology DivisioN,ou=People,$BASEDN" + JAJDN="cn=James A Jones 1,ou=Alumni Association,ou=People,$BASEDN" + JOHNDDN="cn=John Doe,ou=Information Technology Division,ou=People,$BASEDN" + MELLIOTDN="cn=Mark Elliot,ou=Alumni Association,ou=People,$BASEDN" + + +diff --git a/tests/scripts/test044-dynlist b/tests/scripts/test044-dynlist +index 4c6390e..8ace1a8 100755 +--- a/tests/scripts/test044-dynlist ++++ b/tests/scripts/test044-dynlist +@@ -448,13 +448,13 @@ $LDAPCOMPARE -h $LOCALHOST -p $PORT1 \ + RC=$? + case $RC in + 5) +- echo "ldapcompare returned FALSE ($RC)" +- ;; +-6) +- echo "ldapcompare returned TRUE ($RC)!" ++ echo "ldapcompare returned FALSE ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; ++6) ++ echo "ldapcompare returned TRUE ($RC)" ++ ;; + 0) + echo "ldapcompare returned success ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS +-- +1.8.3.1 + diff --git a/CVE-2017-17740.patch b/CVE-2017-17740.patch deleted file mode 100644 index 555d671..0000000 --- a/CVE-2017-17740.patch +++ /dev/null @@ -1,372 +0,0 @@ -From ce896d538052d20f56f440d1a23fd99da950ed07 Mon Sep 17 00:00:00 2001 -From: Noel Power -Date: Wed, 19 Dec 2018 12:34:13 +0000 -Subject: [PATCH 1/2] Fix segfault in nops when used with membersof overlay - -Allow problematic variables to be defined on heap so modifications -to modlist can happen in other overlay modules - -Signed-off-by: Noel Power ---- - servers/slapd/overlays/memberof.c | 64 +++++++++++++++++++++++++-------------- - 1 file changed, 41 insertions(+), 23 deletions(-) - -diff --git a/servers/slapd/overlays/memberof.c b/servers/slapd/overlays/memberof.c -index 40ad6e2..358d5f9 100644 ---- a/servers/slapd/overlays/memberof.c -+++ b/servers/slapd/overlays/memberof.c -@@ -355,10 +355,13 @@ memberof_value_modify( - unsigned long opid = op->o_opid; - SlapReply rs2 = { REP_RESULT }; - slap_callback cb = { NULL, slap_null_cb, NULL, NULL }; -- Modifications mod[ 2 ] = { { { 0 } } }, *ml; -- struct berval values[ 4 ], nvalues[ 4 ]; -+ Modifications *mod[2] = {NULL, NULL}; -+ Modifications *ml = NULL; - int mcnt = 0; - -+ mod[0] = (Modifications*)ch_calloc( sizeof(Modifications), 1 ); -+ mod[1] = (Modifications*)ch_calloc( sizeof(Modifications), 1 ); -+ - op2.o_tag = LDAP_REQ_MODIFY; - - op2.o_req_dn = *ndn; -@@ -375,13 +378,17 @@ memberof_value_modify( - op2.o_dont_replicate = 1; - - if ( !BER_BVISNULL( &mo->mo_ndn ) ) { -- ml = &mod[ mcnt ]; -+ ml = mod[ mcnt ]; - ml->sml_numvals = 1; -- ml->sml_values = &values[ 0 ]; -- ml->sml_values[ 0 ] = mo->mo_dn; -+ ml->sml_values = -+ (BerVarray)ch_malloc( -+ (ml->sml_numvals + 1) * sizeof( struct berval )); -+ ber_dupbv(&ml->sml_values[ 0 ], &mo->mo_ndn); - BER_BVZERO( &ml->sml_values[ 1 ] ); -- ml->sml_nvalues = &nvalues[ 0 ]; -- ml->sml_nvalues[ 0 ] = mo->mo_ndn; -+ ml->sml_nvalues = -+ (BerVarray)ch_malloc( -+ (ml->sml_numvals + 1) * sizeof( struct berval )); -+ ber_dupbv(&ml->sml_nvalues[ 0 ], &mo->mo_ndn); - BER_BVZERO( &ml->sml_nvalues[ 1 ] ); - ml->sml_desc = slap_schema.si_ad_modifiersName; - ml->sml_type = ml->sml_desc->ad_cname; -@@ -393,11 +400,17 @@ memberof_value_modify( - mcnt++; - } - -- ml = &mod[ mcnt ]; -+ ml = mod[ mcnt ]; - ml->sml_numvals = 1; -- ml->sml_values = &values[ 2 ]; -+ ml->sml_values = -+ (BerVarray)ch_malloc( -+ (ml->sml_numvals + 1) * sizeof( struct berval )); -+ BER_BVZERO( &ml->sml_values[ 0 ] ); - BER_BVZERO( &ml->sml_values[ 1 ] ); -- ml->sml_nvalues = &nvalues[ 2 ]; -+ ml->sml_nvalues = -+ (BerVarray)ch_malloc( -+ (ml->sml_numvals + 1) * sizeof( struct berval )); -+ BER_BVZERO( &ml->sml_nvalues[ 0 ] ); - BER_BVZERO( &ml->sml_nvalues[ 1 ] ); - ml->sml_desc = ad; - ml->sml_type = ml->sml_desc->ad_cname; -@@ -412,11 +425,13 @@ memberof_value_modify( - assert( !BER_BVISNULL( new_dn ) ); - assert( !BER_BVISNULL( new_ndn ) ); - -- ml = &mod[ mcnt ]; -+ ml = mod[ mcnt ]; - ml->sml_op = LDAP_MOD_ADD; - -- ml->sml_values[ 0 ] = *new_dn; -- ml->sml_nvalues[ 0 ] = *new_ndn; -+ ber_memfree(ml->sml_values[ 0 ].bv_val); -+ ber_memfree(ml->sml_nvalues[ 0 ].bv_val); -+ ber_dupbv(&ml->sml_values[ 0 ], new_dn); -+ ber_dupbv(&ml->sml_nvalues[ 0 ], new_dn); - - oex.oe_key = (void *)&memberof; - LDAP_SLIST_INSERT_HEAD(&op2.o_extra, &oex, oe_next); -@@ -433,18 +448,18 @@ memberof_value_modify( - op->o_log_prefix, buf, 0 ); - } - -- assert( op2.orm_modlist == &mod[ mcnt ] ); -- assert( mcnt == 0 || op2.orm_modlist->sml_next == &mod[ 0 ] ); -+ assert( op2.orm_modlist == mod[ mcnt ] ); -+ assert( mcnt == 0 || op2.orm_modlist->sml_next == mod[ 0 ] ); - ml = op2.orm_modlist->sml_next; - if ( mcnt == 1 ) { -- assert( ml == &mod[ 0 ] ); -+ assert( ml == mod[ 0 ] ); - ml = ml->sml_next; - } - if ( ml != NULL ) { - slap_mods_free( ml, 1 ); - } - -- mod[ 0 ].sml_next = NULL; -+ mod[ 0 ]->sml_next = NULL; - } - - if ( old_ndn != NULL ) { -@@ -454,11 +469,13 @@ memberof_value_modify( - assert( !BER_BVISNULL( old_dn ) ); - assert( !BER_BVISNULL( old_ndn ) ); - -- ml = &mod[ mcnt ]; -+ ml = mod[ mcnt ]; - ml->sml_op = LDAP_MOD_DELETE; -- -- ml->sml_values[ 0 ] = *old_dn; -- ml->sml_nvalues[ 0 ] = *old_ndn; -+ -+ ber_memfree(ml->sml_values[ 0 ].bv_val); -+ ber_memfree(ml->sml_nvalues[ 0 ].bv_val); -+ ber_dupbv(&ml->sml_values[ 0 ], old_dn); -+ ber_dupbv(&ml->sml_nvalues[ 0 ], old_dn); - - oex.oe_key = (void *)&memberof; - LDAP_SLIST_INSERT_HEAD(&op2.o_extra, &oex, oe_next); -@@ -475,10 +492,10 @@ memberof_value_modify( - op->o_log_prefix, buf, 0 ); - } - -- assert( op2.orm_modlist == &mod[ mcnt ] ); -+ assert( op2.orm_modlist == mod[ mcnt ] ); - ml = op2.orm_modlist->sml_next; - if ( mcnt == 1 ) { -- assert( ml == &mod[ 0 ] ); -+ assert( ml == mod[ 0 ] ); - ml = ml->sml_next; - } - if ( ml != NULL ) { -@@ -488,6 +505,7 @@ memberof_value_modify( - /* restore original opid */ - op->o_opid = opid; - -+ slap_mods_free( op2.orm_modlist, 1 ); - /* FIXME: if old_group_ndn doesn't exist, both delete __and__ - * add will fail; better split in two operations, although - * not optimal in terms of performance. At least it would --- -2.16.4 - - -From 6bd3ce920e750c21cedf4a118027043d37056950 Mon Sep 17 00:00:00 2001 -From: Noel Power -Date: Wed, 19 Dec 2018 15:51:37 +0000 -Subject: [PATCH 2/2] Remove asserts to allow nops to process. - -The asserts present seem to: -a) ensure that only additions can happen to the modlist -b) that we only delete Modifications that have been added - -These asserts are bound to the assumption that no other overlay -will delete Modifications from the modlist and additionally are -there to protect illegal deletion of Modifications allocated on -the stack. These changes allow Modifications to be deleted via -other overlay modules that could be called. Additionally since -now the modlist elements are allocated on the heap we can delete -them freely now. - -Signed-off-by: Noel Power ---- - servers/slapd/overlays/memberof.c | 129 +++++++++++++++++--------------------- - 1 file changed, 57 insertions(+), 72 deletions(-) - -diff --git a/servers/slapd/overlays/memberof.c b/servers/slapd/overlays/memberof.c -index 358d5f9..d49f2d3 100644 ---- a/servers/slapd/overlays/memberof.c -+++ b/servers/slapd/overlays/memberof.c -@@ -334,6 +334,55 @@ memberof_isGroupOrMember( Operation *op, memberof_cbinfo_t *mci ) - return LDAP_SUCCESS; - } - -+static Modifications* -+memberof_value_modlist( -+ Operation *op2, -+ memberof_t *mo, -+ AttributeDescription *ad) -+{ -+ Modifications *ml = NULL; -+ Modifications *result = NULL; -+ if ( !BER_BVISNULL( &mo->mo_ndn ) ) { -+ ml = (Modifications*)ch_calloc( sizeof(Modifications), 1 ); -+ ml->sml_numvals = 1; -+ ml->sml_values = -+ (BerVarray)ch_malloc( -+ (ml->sml_numvals + 1) * sizeof( struct berval )); -+ ber_dupbv(&ml->sml_values[ 0 ], &mo->mo_ndn); -+ BER_BVZERO( &ml->sml_values[ 1 ] ); -+ ml->sml_nvalues = -+ (BerVarray)ch_malloc( -+ (ml->sml_numvals + 1) * sizeof( struct berval )); -+ ber_dupbv(&ml->sml_nvalues[ 0 ], &mo->mo_ndn); -+ BER_BVZERO( &ml->sml_nvalues[ 1 ] ); -+ ml->sml_desc = slap_schema.si_ad_modifiersName; -+ ml->sml_type = ml->sml_desc->ad_cname; -+ ml->sml_op = LDAP_MOD_REPLACE; -+ ml->sml_flags = SLAP_MOD_INTERNAL; -+ ml->sml_next = result; -+ result = ml; -+ } -+ -+ ml = (Modifications*)ch_calloc( sizeof(Modifications), 1 ); -+ ml->sml_numvals = 1; -+ ml->sml_values = -+ (BerVarray)ch_malloc( -+ (ml->sml_numvals + 1) * sizeof( struct berval )); -+ BER_BVZERO( &ml->sml_values[ 0 ] ); -+ BER_BVZERO( &ml->sml_values[ 1 ] ); -+ ml->sml_nvalues = -+ (BerVarray)ch_malloc( -+ (ml->sml_numvals + 1) * sizeof( struct berval )); -+ BER_BVZERO( &ml->sml_nvalues[ 0 ] ); -+ BER_BVZERO( &ml->sml_nvalues[ 1 ] ); -+ ml->sml_desc = ad; -+ ml->sml_type = ml->sml_desc->ad_cname; -+ ml->sml_flags = SLAP_MOD_INTERNAL; -+ ml->sml_next = result; -+ result = ml; -+ return result; -+} -+ - /* - * response callback that adds memberof values when a group is modified. - */ -@@ -355,12 +404,7 @@ memberof_value_modify( - unsigned long opid = op->o_opid; - SlapReply rs2 = { REP_RESULT }; - slap_callback cb = { NULL, slap_null_cb, NULL, NULL }; -- Modifications *mod[2] = {NULL, NULL}; - Modifications *ml = NULL; -- int mcnt = 0; -- -- mod[0] = (Modifications*)ch_calloc( sizeof(Modifications), 1 ); -- mod[1] = (Modifications*)ch_calloc( sizeof(Modifications), 1 ); - - op2.o_tag = LDAP_REQ_MODIFY; - -@@ -377,47 +421,6 @@ memberof_value_modify( - op2.orm_no_opattrs = 1; - op2.o_dont_replicate = 1; - -- if ( !BER_BVISNULL( &mo->mo_ndn ) ) { -- ml = mod[ mcnt ]; -- ml->sml_numvals = 1; -- ml->sml_values = -- (BerVarray)ch_malloc( -- (ml->sml_numvals + 1) * sizeof( struct berval )); -- ber_dupbv(&ml->sml_values[ 0 ], &mo->mo_ndn); -- BER_BVZERO( &ml->sml_values[ 1 ] ); -- ml->sml_nvalues = -- (BerVarray)ch_malloc( -- (ml->sml_numvals + 1) * sizeof( struct berval )); -- ber_dupbv(&ml->sml_nvalues[ 0 ], &mo->mo_ndn); -- BER_BVZERO( &ml->sml_nvalues[ 1 ] ); -- ml->sml_desc = slap_schema.si_ad_modifiersName; -- ml->sml_type = ml->sml_desc->ad_cname; -- ml->sml_op = LDAP_MOD_REPLACE; -- ml->sml_flags = SLAP_MOD_INTERNAL; -- ml->sml_next = op2.orm_modlist; -- op2.orm_modlist = ml; -- -- mcnt++; -- } -- -- ml = mod[ mcnt ]; -- ml->sml_numvals = 1; -- ml->sml_values = -- (BerVarray)ch_malloc( -- (ml->sml_numvals + 1) * sizeof( struct berval )); -- BER_BVZERO( &ml->sml_values[ 0 ] ); -- BER_BVZERO( &ml->sml_values[ 1 ] ); -- ml->sml_nvalues = -- (BerVarray)ch_malloc( -- (ml->sml_numvals + 1) * sizeof( struct berval )); -- BER_BVZERO( &ml->sml_nvalues[ 0 ] ); -- BER_BVZERO( &ml->sml_nvalues[ 1 ] ); -- ml->sml_desc = ad; -- ml->sml_type = ml->sml_desc->ad_cname; -- ml->sml_flags = SLAP_MOD_INTERNAL; -- ml->sml_next = op2.orm_modlist; -- op2.orm_modlist = ml; -- - if ( new_ndn != NULL ) { - BackendInfo *bi = op2.o_bd->bd_info; - OpExtra oex; -@@ -425,7 +428,9 @@ memberof_value_modify( - assert( !BER_BVISNULL( new_dn ) ); - assert( !BER_BVISNULL( new_ndn ) ); - -- ml = mod[ mcnt ]; -+ ml = memberof_value_modlist(&op2, mo, ad); -+ op2.orm_modlist = ml; -+ - ml->sml_op = LDAP_MOD_ADD; - - ber_memfree(ml->sml_values[ 0 ].bv_val); -@@ -447,19 +452,7 @@ memberof_value_modify( - Debug( LDAP_DEBUG_ANY, "%s: %s\n", - op->o_log_prefix, buf, 0 ); - } -- -- assert( op2.orm_modlist == mod[ mcnt ] ); -- assert( mcnt == 0 || op2.orm_modlist->sml_next == mod[ 0 ] ); -- ml = op2.orm_modlist->sml_next; -- if ( mcnt == 1 ) { -- assert( ml == mod[ 0 ] ); -- ml = ml->sml_next; -- } -- if ( ml != NULL ) { -- slap_mods_free( ml, 1 ); -- } -- -- mod[ 0 ]->sml_next = NULL; -+ slap_mods_free( op2.orm_modlist, 1 ); - } - - if ( old_ndn != NULL ) { -@@ -469,7 +462,9 @@ memberof_value_modify( - assert( !BER_BVISNULL( old_dn ) ); - assert( !BER_BVISNULL( old_ndn ) ); - -- ml = mod[ mcnt ]; -+ ml = memberof_value_modlist(&op2, mo, ad); -+ op2.orm_modlist = ml; -+ - ml->sml_op = LDAP_MOD_DELETE; - - ber_memfree(ml->sml_values[ 0 ].bv_val); -@@ -491,21 +486,11 @@ memberof_value_modify( - Debug( LDAP_DEBUG_ANY, "%s: %s\n", - op->o_log_prefix, buf, 0 ); - } -- -- assert( op2.orm_modlist == mod[ mcnt ] ); -- ml = op2.orm_modlist->sml_next; -- if ( mcnt == 1 ) { -- assert( ml == mod[ 0 ] ); -- ml = ml->sml_next; -- } -- if ( ml != NULL ) { -- slap_mods_free( ml, 1 ); -- } -+ slap_mods_free( op2.orm_modlist, 1 ); - } - /* restore original opid */ - op->o_opid = opid; - -- slap_mods_free( op2.orm_modlist, 1 ); - /* FIXME: if old_group_ndn doesn't exist, both delete __and__ - * add will fail; better split in two operations, although - * not optimal in terms of performance. At least it would --- -2.16.4 - diff --git a/openldap.spec b/openldap.spec index 78f7fb6..d024304 100644 --- a/openldap.spec +++ b/openldap.spec @@ -2,7 +2,7 @@ Name: openldap Version: 2.4.46 -Release: 13 +Release: 14 Summary: LDAP support libraries License: OpenLDAP URL: https://www.openldap.org/ @@ -68,7 +68,7 @@ Patch6035: CVE-2019-13057-2.patch Patch6036: CVE-2019-13057-3.patch Patch6037: CVE-2019-13057-4.patch Patch6038: CVE-2019-13565.patch -Patch6039: CVE-2017-17740.patch +Patch6039: 0001-openldap-bugfix-make-test.patch BuildRequires: cyrus-sasl-devel openssl-devel krb5-devel unixODBC-devel BuildRequires: glibc-devel libtool libtool-ltdl-devel groff perl-interpreter perl-devel perl-generators perl-ExtUtils-Embed @@ -182,6 +182,7 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi %patch6036 -p1 %patch6037 -p1 %patch6038 -p1 +%patch6039 -p1 ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd @@ -407,6 +408,10 @@ fi exit 0 +%check +pushd openldap-%{version} +make check +popd %files %defattr(-,root,root) @@ -461,6 +466,12 @@ exit 0 %doc ltb-project-openldap-ppolicy-check-password-1.1/README.check_pwd %changelog +* Fri Feb 21 2020 songnannan - 2.4.46-14 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:bugfix about make check + * Sat Jan 11 2020 zhangrui - 2.4.46-13 - Type:cves - ID:CVE-2017-17740 -- Gitee