From 15ffbcd2b0edcbee0b87f4a48626f4e01f982287 Mon Sep 17 00:00:00 2001
From: eaglegai <eaglegai@163.com>
Date: Thu, 27 May 2021 16:13:40 +0800
Subject: [PATCH 1/2] fix CVE-2020-25709

---
 CVE-2020-25709.patch | 25 +++++++++++++++++++++++++
 openldap.spec        |  8 ++++++--
 2 files changed, 31 insertions(+), 2 deletions(-)
 create mode 100644 CVE-2020-25709.patch

diff --git a/CVE-2020-25709.patch b/CVE-2020-25709.patch
new file mode 100644
index 0000000..6aa13ca
--- /dev/null
+++ b/CVE-2020-25709.patch
@@ -0,0 +1,25 @@
+From 67670f4544e28fb09eb7319c39f404e1d3229e65 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Mon, 2 Nov 2020 13:12:10 +0000
+Subject: [PATCH] ITS#9383 remove assert in certificateListValidate
+
+---
+ servers/slapd/schema_init.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
+index ea0d67aa62..28f9e71a16 100644
+--- a/servers/slapd/schema_init.c
++++ b/servers/slapd/schema_init.c
+@@ -371,8 +371,7 @@ certificateListValidate( Syntax *syntax, struct berval *in )
+ 	/* Optional version */
+ 	if ( tag == LBER_INTEGER ) {
+ 		tag = ber_get_int( ber, &version );
+-		assert( tag == LBER_INTEGER );
+-		if ( version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX;
++		if ( tag != LBER_INTEGER || version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX;
+ 	}
+ 	tag = ber_skip_tag( ber, &len );	/* Signature Algorithm */
+ 	if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
+-- 
+GitLab
diff --git a/openldap.spec b/openldap.spec
index 38d0567..7fca85f 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -2,7 +2,7 @@
 
 Name:           openldap
 Version:        2.4.50
-Release:        5
+Release:        6
 Summary:        LDAP support libraries
 License:        OpenLDAP
 URL:            https://www.openldap.org/
@@ -62,7 +62,7 @@ Patch41:	backport-Fix-test-suite.patch
 Patch42:	backport-ITS-9010-regenerate-configure.patch
 Patch43:	backport-ITS-9010-More-BDB-HDB-cleanup.patch
 Patch44:	CVE-2021-27212.patch
-
+Patch45:        CVE-2020-25709.patch
 
 BuildRequires:  cyrus-sasl-devel openssl-devel krb5-devel unixODBC-devel chrpath
 BuildRequires:  glibc-devel libtool libtool-ltdl-devel groff perl-interpreter perl-devel perl-generators perl-ExtUtils-Embed
@@ -172,6 +172,7 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi
 %patch42 -p1
 %patch43 -p1
 %patch44 -p1
+%patch45 -p1
 
 ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
 mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd
@@ -454,6 +455,9 @@ popd
 %doc ltb-project-openldap-ppolicy-check-password-1.1/README.check_pwd
 
 %changelog
+* Thu May 27 2021 gaihuiying <gaihuiying1@huawei.com> - 2.4.50-6
+- fix CVE-2020-25709
+
 * Sat Feb 27 2021 orange-snn <songnannan2@huawei.com> - 2.4.50-5
 - fix CVE-2021-27212
 
-- 
Gitee


From 1cf816a274ffbc9ae61478ad6cc2d251e060ba7d Mon Sep 17 00:00:00 2001
From: eaglegai <eaglegai@163.com>
Date: Mon, 21 Jun 2021 14:13:06 +0800
Subject: [PATCH 2/2] fix CVE-2020-25710

---
 CVE-2020-25710.patch | 26 ++++++++++++++++++++++++++
 openldap.spec        |  9 +++++++--
 2 files changed, 33 insertions(+), 2 deletions(-)
 create mode 100644 CVE-2020-25710.patch

diff --git a/CVE-2020-25710.patch b/CVE-2020-25710.patch
new file mode 100644
index 0000000..3edfe42
--- /dev/null
+++ b/CVE-2020-25710.patch
@@ -0,0 +1,26 @@
+From bdb0d459187522a6063df13871b82ba8dcc6efe2 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Mon, 2 Nov 2020 16:01:14 +0000
+Subject: [PATCH] ITS#9384 remove assert in obsolete csnNormalize23()
+
+---
+ servers/slapd/schema_init.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
+index 5812bc4b66..ea0d67aa62 100644
+--- a/servers/slapd/schema_init.c
++++ b/servers/slapd/schema_init.c
+@@ -5327,8 +5327,8 @@ csnNormalize23(
+ 	}
+ 	*ptr = '\0';
+ 
+-	assert( ptr == &bv.bv_val[bv.bv_len] );
+-	if ( csnValidate( syntax, &bv ) != LDAP_SUCCESS ) {
++	if ( ptr != &bv.bv_val[bv.bv_len] ||
++		csnValidate( syntax, &bv ) != LDAP_SUCCESS ) {
+ 		return LDAP_INVALID_SYNTAX;
+ 	}
+ 
+-- 
+GitLab
diff --git a/openldap.spec b/openldap.spec
index 7fca85f..33e9a7d 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -2,7 +2,7 @@
 
 Name:           openldap
 Version:        2.4.50
-Release:        6
+Release:        7
 Summary:        LDAP support libraries
 License:        OpenLDAP
 URL:            https://www.openldap.org/
@@ -62,7 +62,8 @@ Patch41:	backport-Fix-test-suite.patch
 Patch42:	backport-ITS-9010-regenerate-configure.patch
 Patch43:	backport-ITS-9010-More-BDB-HDB-cleanup.patch
 Patch44:	CVE-2021-27212.patch
-Patch45:        CVE-2020-25709.patch
+Patch45:	CVE-2020-25709.patch
+Patch46:	CVE-2020-25710.patch
 
 BuildRequires:  cyrus-sasl-devel openssl-devel krb5-devel unixODBC-devel chrpath
 BuildRequires:  glibc-devel libtool libtool-ltdl-devel groff perl-interpreter perl-devel perl-generators perl-ExtUtils-Embed
@@ -173,6 +174,7 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi
 %patch43 -p1
 %patch44 -p1
 %patch45 -p1
+%patch46 -p1
 
 ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
 mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd
@@ -455,6 +457,9 @@ popd
 %doc ltb-project-openldap-ppolicy-check-password-1.1/README.check_pwd
 
 %changelog
+* Mon Jun 21 2021 gaihuiying <gaihuiying1@huawei.com> - 2.4.50-7
+- fix CVE-2020-25710
+
 * Thu May 27 2021 gaihuiying <gaihuiying1@huawei.com> - 2.4.50-6
 - fix CVE-2020-25709
 
-- 
Gitee