From 4e766136df34197c913985748721ef15cbbda2a2 Mon Sep 17 00:00:00 2001 From: lijingyuan007 <18829898205@163.com> Date: Fri, 23 Jul 2021 11:30:22 +0800 Subject: [PATCH] fix CVE-2020-25709 CVE-2020-25710 --- CVE-2020-25709.patch | 25 +++++++++++++++++++++++++ CVE-2020-25710.patch | 26 ++++++++++++++++++++++++++ openldap.spec | 13 +++++++++++-- 3 files changed, 62 insertions(+), 2 deletions(-) create mode 100644 CVE-2020-25709.patch create mode 100644 CVE-2020-25710.patch diff --git a/CVE-2020-25709.patch b/CVE-2020-25709.patch new file mode 100644 index 0000000..6aa13ca --- /dev/null +++ b/CVE-2020-25709.patch @@ -0,0 +1,25 @@ +From 67670f4544e28fb09eb7319c39f404e1d3229e65 Mon Sep 17 00:00:00 2001 +From: Howard Chu +Date: Mon, 2 Nov 2020 13:12:10 +0000 +Subject: [PATCH] ITS#9383 remove assert in certificateListValidate + +--- + servers/slapd/schema_init.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c +index ea0d67aa62..28f9e71a16 100644 +--- a/servers/slapd/schema_init.c ++++ b/servers/slapd/schema_init.c +@@ -371,8 +371,7 @@ certificateListValidate( Syntax *syntax, struct berval *in ) + /* Optional version */ + if ( tag == LBER_INTEGER ) { + tag = ber_get_int( ber, &version ); +- assert( tag == LBER_INTEGER ); +- if ( version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX; ++ if ( tag != LBER_INTEGER || version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX; + } + tag = ber_skip_tag( ber, &len ); /* Signature Algorithm */ + if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX; +-- +GitLab diff --git a/CVE-2020-25710.patch b/CVE-2020-25710.patch new file mode 100644 index 0000000..3edfe42 --- /dev/null +++ b/CVE-2020-25710.patch @@ -0,0 +1,26 @@ +From bdb0d459187522a6063df13871b82ba8dcc6efe2 Mon Sep 17 00:00:00 2001 +From: Howard Chu +Date: Mon, 2 Nov 2020 16:01:14 +0000 +Subject: [PATCH] ITS#9384 remove assert in obsolete csnNormalize23() + +--- + servers/slapd/schema_init.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c +index 5812bc4b66..ea0d67aa62 100644 +--- a/servers/slapd/schema_init.c ++++ b/servers/slapd/schema_init.c +@@ -5327,8 +5327,8 @@ csnNormalize23( + } + *ptr = '\0'; + +- assert( ptr == &bv.bv_val[bv.bv_len] ); +- if ( csnValidate( syntax, &bv ) != LDAP_SUCCESS ) { ++ if ( ptr != &bv.bv_val[bv.bv_len] || ++ csnValidate( syntax, &bv ) != LDAP_SUCCESS ) { + return LDAP_INVALID_SYNTAX; + } + +-- +GitLab diff --git a/openldap.spec b/openldap.spec index 0a972f1..4adb623 100644 --- a/openldap.spec +++ b/openldap.spec @@ -2,7 +2,7 @@ Name: openldap Version: 2.4.50 -Release: 4 +Release: 5 Summary: LDAP support libraries License: OpenLDAP URL: https://www.openldap.org/ @@ -58,7 +58,8 @@ Patch37: CVE-2020-36228.patch Patch38: CVE-2020-36230.patch Patch39: CVE-2020-36229.patch Patch40: CVE-2021-27212.patch - +Patch41: CVE-2020-25709.patch +Patch42: CVE-2020-25710.patch BuildRequires: cyrus-sasl-devel openssl-devel krb5-devel unixODBC-devel chrpath BuildRequires: glibc-devel libtool libtool-ltdl-devel groff perl-interpreter perl-devel perl-generators perl-ExtUtils-Embed @@ -164,6 +165,8 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi %patch38 -p1 %patch39 -p1 %patch40 -p1 +%patch41 -p1 +%patch42 -p1 ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd @@ -449,6 +452,12 @@ popd %doc ltb-project-openldap-ppolicy-check-password-1.1/README.check_pwd %changelog +* Fri Jul 23 2021 lijingyuan - 2.4.50-5 +- Type:cves +- ID:NA +- SUG:restart +- DESC:fix CVE-2020-25709 CVE-2020-25710 + * Sat Feb 27 2021 orange-snn - 2.4.50-4 - fix CVE-2021-27212 -- Gitee