diff --git a/backport-ITS-9904-check-for-strdup-failure.patch b/backport-ITS-9904-check-for-strdup-failure.patch new file mode 100644 index 0000000000000000000000000000000000000000..8044f610b68c359f5c89312e2c4644156ea8eaa6 --- /dev/null +++ b/backport-ITS-9904-check-for-strdup-failure.patch @@ -0,0 +1,70 @@ +From 3f2abd0b2eeec8522e50d5c4ea4992e70e8f9915 Mon Sep 17 00:00:00 2001 +From: Howard Chu +Date: Thu, 25 Aug 2022 16:13:21 +0100 +Subject: [PATCH] ITS#9904 ldap_url_parsehosts: check for strdup failure + +Avoid unnecessary strdup in IPv6 addr parsing, check for strdup +failure when dup'ing scheme. + +Code present since 2000, 8da110a9e726dbc612b302feafe0109271e6bc59 +--- + libraries/libldap/url.c | 21 ++++++++++++--------- + 1 file changed, 12 insertions(+), 9 deletions(-) + +diff --git a/libraries/libldap/url.c b/libraries/libldap/url.c +index 7e56564265..8df0abd044 100644 +--- a/libraries/libldap/url.c ++++ b/libraries/libldap/url.c +@@ -1386,24 +1386,22 @@ ldap_url_parsehosts( + } + ludp->lud_port = port; + ludp->lud_host = specs[i]; +- specs[i] = NULL; + p = strchr(ludp->lud_host, ':'); + if (p != NULL) { + /* more than one :, IPv6 address */ + if ( strchr(p+1, ':') != NULL ) { + /* allow [address] and [address]:port */ + if ( *ludp->lud_host == '[' ) { +- p = LDAP_STRDUP(ludp->lud_host+1); +- /* copied, make sure we free source later */ +- specs[i] = ludp->lud_host; +- ludp->lud_host = p; +- p = strchr( ludp->lud_host, ']' ); ++ p = strchr( ludp->lud_host+1, ']' ); + if ( p == NULL ) { + LDAP_FREE(ludp); + ldap_charray_free(specs); + return LDAP_PARAM_ERROR; + } +- *p++ = '\0'; ++ /* Truncate trailing ']' and shift hostname down 1 char */ ++ *p = '\0'; ++ AC_MEMCPY( ludp->lud_host, ludp->lud_host+1, p - ludp->lud_host ); ++ p++; + if ( *p != ':' ) { + if ( *p != '\0' ) { + LDAP_FREE(ludp); +@@ -1429,14 +1427,19 @@ ldap_url_parsehosts( + } + } + } +- ldap_pvt_hex_unescape(ludp->lud_host); + ludp->lud_scheme = LDAP_STRDUP("ldap"); ++ if ( ludp->lud_scheme == NULL ) { ++ LDAP_FREE(ludp); ++ ldap_charray_free(specs); ++ return LDAP_NO_MEMORY; ++ } ++ specs[i] = NULL; ++ ldap_pvt_hex_unescape(ludp->lud_host); + ludp->lud_next = *ludlist; + *ludlist = ludp; + } + + /* this should be an array of NULLs now */ +- /* except entries starting with [ */ + ldap_charray_free(specs); + return LDAP_SUCCESS; + } +-- diff --git a/openldap.spec b/openldap.spec index 63154ad5ead457567a898bb8dd89a0ca7aecb4ed..7b2a7efeb7478ab352aad9cadf85725bff59be9a 100644 --- a/openldap.spec +++ b/openldap.spec @@ -2,7 +2,7 @@ Name: openldap Version: 2.6.0 -Release: 5 +Release: 6 Summary: LDAP support libraries License: OpenLDAP URL: https://www.openldap.org/ @@ -65,6 +65,7 @@ Patch6034: backport-ITS-9876-Some-more-leaks-plugged.patch Patch6035: backport-ITS-9882-bind-fix-9863-commit-use-correct-op-backend.patch Patch6036: backport-ITS-9898-tests-fix-slapd-addel-non-std-syntax.patch Patch6037: backport-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch +Patch6038: backport-ITS-9904-check-for-strdup-failure.patch BuildRequires: cyrus-sasl-devel openssl-devel krb5-devel unixODBC-devel @@ -179,6 +180,7 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi %patch6035 -p1 %patch6036 -p1 %patch6037 -p1 +%patch6038 -p1 ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd @@ -465,6 +467,12 @@ popd %doc ltb-project-openldap-ppolicy-check-password-1.1/README.check_pwd %changelog +* Wed Jun 7 2023 zhujunhao - 2.6.0-6 +- Type:cve +- CVE:cve-2023-2953 +- SUG:restart +- DESC:fix cve-2023-2953 + * Tue Feb 28 2023 zhujunhao - 2.6.0-5 - Type:bugfix - ID:NA