From 8869fe1052398e8b8642e500074995bee2a3592e Mon Sep 17 00:00:00 2001
From: compile_success <980965867@qq.com>
Date: Wed, 7 Jun 2023 08:58:58 +0000
Subject: [PATCH] fix cve-2023-2953

---
...rt-ITS-9904-check-for-strdup-failure.patch | 70 +++++++++++++++++++
...pen_url-check-for-ber_strdup-failure.patch | 26 +++++++
openldap.spec | 9 ++-
3 files changed, 104 insertions(+), 1 deletion(-)
create mode 100644 backport-ITS-9904-check-for-strdup-failure.patch
create mode 100644 backport-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch

diff --git a/backport-ITS-9904-check-for-strdup-failure.patch b/backport-ITS-9904-check-for-strdup-failure.patch
new file mode 100644
index 0000000..8044f61
--- /dev/null
+++ b/backport-ITS-9904-check-for-strdup-failure.patch
@@ -0,0 +1,70 @@
+From 3f2abd0b2eeec8522e50d5c4ea4992e70e8f9915 Mon Sep 17 00:00:00 2001
+From: Howard Chu
+Date: Thu, 25 Aug 2022 16:13:21 +0100
+Subject: [PATCH] ITS#9904 ldap_url_parsehosts: check for strdup failure
+
+Avoid unnecessary strdup in IPv6 addr parsing, check for strdup
+failure when dup'ing scheme.
+
+Code present since 2000, 8da110a9e726dbc612b302feafe0109271e6bc59
+---
+ libraries/libldap/url.c | 21 ++++++++++++---------
+ 1 file changed, 12 insertions(+), 9 deletions(-)
+
+diff --git a/libraries/libldap/url.c b/libraries/libldap/url.c
+index 7e56564265..8df0abd044 100644
+--- a/libraries/libldap/url.c
++++ b/libraries/libldap/url.c
+@@ -1386,24 +1386,22 @@ ldap_url_parsehosts(
+ }
+ ludp->lud_port = port;
+ ludp->lud_host = specs[i];
+- specs[i] = NULL;
+ p = strchr(ludp->lud_host, ':');
+ if (p != NULL) {
+ /* more than one :, IPv6 address */
+ if ( strchr(p+1, ':') != NULL ) {
+ /* allow [address] and [address]:port */
+ if ( *ludp->lud_host == '[' ) {
+- p = LDAP_STRDUP(ludp->lud_host+1);
+- /* copied, make sure we free source later */
+- specs[i] = ludp->lud_host;
+- ludp->lud_host = p;
+- p = strchr( ludp->lud_host, ']' );
++ p = strchr( ludp->lud_host+1, ']' );
+ if ( p == NULL ) {
+ LDAP_FREE(ludp);
+ ldap_charray_free(specs);
+ return LDAP_PARAM_ERROR;
+ }
+- *p++ = '\0';
++ /* Truncate trailing ']' and shift hostname down 1 char */
++ *p = '\0';
++ AC_MEMCPY( ludp->lud_host, ludp->lud_host+1, p - ludp->lud_host );
++ p++;
+ if ( *p != ':' ) {
+ if ( *p != '\0' ) {
+ LDAP_FREE(ludp);
+@@ -1429,14 +1427,19 @@ ldap_url_parsehosts(
+ }
+ }
+ }
+- ldap_pvt_hex_unescape(ludp->lud_host);
+ ludp->lud_scheme = LDAP_STRDUP("ldap");
++ if ( ludp->lud_scheme == NULL ) {
++ LDAP_FREE(ludp);
++ ldap_charray_free(specs);
++ return LDAP_NO_MEMORY;
++ }
++ specs[i] = NULL;
++ ldap_pvt_hex_unescape(ludp->lud_host);
+ ludp->lud_next = *ludlist;
+ *ludlist = ludp;
+ }
+
+ /* this should be an array of NULLs now */
+- /* except entries starting with [ */
+ ldap_charray_free(specs);
+ return LDAP_SUCCESS;
+ }
+--
diff --git a/backport-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch b/backport-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch
new file mode 100644
index 0000000..8670d1b
--- /dev/null
+++ b/backport-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch
@@ -0,0 +1,26 @@
+From ea8dd2d279c5aeaf9d4672a4e95bebd99babcce1 Mon Sep 17 00:00:00 2001
+From: Howard Chu
+Date: Wed, 24 Aug 2022 14:40:51 +0100
+Subject: [PATCH] ITS#9904 ldif_open_url: check for ber_strdup failure
+
+Code present since 1999, df8f7cbb9b79be3be9205d116d1dd0b263d6861a
+---
+ libraries/libldap/fetch.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libraries/libldap/fetch.c b/libraries/libldap/fetch.c
+index 9e426dc64..536871bcf 100644
+--- a/libraries/libldap/fetch.c
++++ b/libraries/libldap/fetch.c
+@@ -69,6 +69,8 @@ ldif_open_url(
+ }
+
+ p = ber_strdup( urlstr );
++ if ( p == NULL )
++ return NULL;
+
+ /* But we should convert to LDAP_DIRSEP before use */
+ if ( LDAP_DIRSEP[0] != '/' ) {
+--
+2.33.0
+
diff --git a/openldap.spec b/openldap.spec
index 7a5fd0c..8980466 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -2,7 +2,7 @@ Name: openldap
 Version: 2.4.50
-Release: 7
+Release: 8
 Summary: LDAP support libraries
 License: OpenLDAP
 URL: https://www.openldap.org/
@@ -65,6 +65,8 @@ Patch44: CVE-2021-27212.patch
 Patch45: CVE-2020-25709.patch
 Patch46: CVE-2020-25710.patch
 Patch47: backport-fix-cve-2022-29155.patch
+Patch48: backport-ITS-9904-check-for-strdup-failure.patch
+Patch49: backport-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch
 BuildRequires: cyrus-sasl-devel openssl-devel krb5-devel unixODBC-devel chrpath
 BuildRequires: glibc-devel libtool libtool-ltdl-devel groff perl-interpreter perl-devel perl-generators perl-ExtUtils-Embed
@@ -177,6 +179,8 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi
 %patch45 -p1
 %patch46 -p1
 %patch47 -p1
+%patch48 -p1
+%patch49 -p1
 ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
 mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd
@@ -459,6 +463,9 @@ popd
 %doc ltb-project-openldap-ppolicy-check-password-1.1/README.check_pwd
 %changelog
+* Wed Jun 7 2023 zhujunhao - 2.4.50-8
+- fix CVE-2023-2953
+
 * Mon May 16 2022 zhujunhao - 2.4.50-7
 - fix CVE-2022-29155
-- 
Gitee
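Review bot: The added `AC_MEMCPY( ludp->lud_host, ludp->lud_host+1, p - ludp->lud_host );` in the backported url.c hunk copies between source and destination that overlap by one byte, and nothing at the call site says so; it is correct only because AC_MEMCPY is OpenLDAP's SAFEMEMCPY wrapper (memmove where available), which is worth confirming for the 2.4.50 tree this spec patches, since this part of the backport changes the IPv6 `[addr]` handling beyond the strdup check the CVE fix needs. The length is right: p points at the former `]`, now `'\0'`, so `p - ludp->lud_host` bytes taken from `lud_host+1` carry the address and its terminator. Deferring `specs[i] = NULL` until after the new LDAP_NO_MEMORY check also means every `ldap_charray_free(specs)` on the error paths in the hunk now releases lud_host as well, which the old `[` branch's strdup copy did not get. I would add `/* src and dst overlap by one byte: relies on AC_MEMCPY being memmove-safe */` above the AC_MEMCPY line. ldap_url_parsehosts begins before the hunk, and entries already linked into *ludlist on the error returns are left to the caller as before.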
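Review bot: The new Patch48 and Patch49 lines carry no reference to the advisory they address, so CVE-2023-2953 appears in this spec only in the changelog entry, whereas the neighbouring Patch44–Patch47 all encode the CVE id in the file name. A comment above the two declarations, `# CVE-2023-2953: upstream ITS#9904 strdup/ber_strdup failure checks`, keeps the CVE-to-patch mapping greppable without renaming the backport files. The matching `%patch48 -p1` / `%patch49 -p1` lines in the later %prep hunk follow the existing order and need no change.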