diff --git a/389-ds-base.spec b/389-ds-base.spec index f60b0ddf975e24773c795724da41a9bd5aa7258b..b42b94fc7fa1ecda89e9d6903375eb5131a71630 100644 --- a/389-ds-base.spec +++ b/389-ds-base.spec @@ -6,7 +6,7 @@ ExcludeArch: i686 Name: 389-ds-base Summary: Base 389 Directory Server Version: 1.4.3.36 -Release: 4 +Release: 5 License: GPLv3+ URL: https://www.port389.org Source0: https://github.com/389ds/389-ds-base/archive/refs/tags/389-ds-base-%{version}.tar.gz @@ -16,6 +16,8 @@ Source3: https://github.com/jemalloc/jemalloc/releases/download/5.2.1/jema # Refer: https://github.com/389ds/389-ds-base/pull/5374 Patch0: fix-dsidm-posixgroup-get_dn-fails-with-search_ext.patch Patch1: fix-dn2rdn-get-args-error.patch +Patch2: CVE-2024-1062-1.patch +Patch3: CVE-2024-1062-2.patch BuildRequires: nspr-devel nss-devel >= 3.34 perl-generators openldap-devel libdb-devel cyrus-sasl-devel icu BuildRequires: libicu-devel pcre-devel cracklib-devel gcc-c++ net-snmp-devel lm_sensors-devel bzip2-devel @@ -378,6 +380,9 @@ exit 0 %{_mandir}/*/* %changelog +* Mon Feb 05 2024 wangkai <13474090681@163.com> - 1.4.3.36-5 +- Fix CVE-2024-1062 + * Sun Feb 4 2024 liyanan - 1.4.3.36-4 - Add requires 389-ds-base-legacy-tools diff --git a/CVE-2024-1062-1.patch b/CVE-2024-1062-1.patch new file mode 100644 index 0000000000000000000000000000000000000000..1b9c846c05ebd20a170f0ec25c2e3a6c898753ef --- /dev/null +++ b/CVE-2024-1062-1.patch @@ -0,0 +1,116 @@ +From dddb14210b402f317e566b6387c76a8e659bf7fa Mon Sep 17 00:00:00 2001 +From: progier389 +Date: Tue, 14 Feb 2023 13:34:10 +0100 +Subject: [PATCH] issue 5647 - covscan: memory leak in audit log when adding + entries (#5650) + +covscan reported an issue about "vals" variable in auditlog.c:231 and indeed a charray_free is missing. +Issue: 5647 +Reviewed by: @mreynolds389, @droideck +--- + ldap/servers/slapd/auditlog.c | 71 +++++++++++++++++++---------------- + 1 file changed, 38 insertions(+), 33 deletions(-) + +diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c +index 68cbc674dc..3128e04974 100644 +--- a/ldap/servers/slapd/auditlog.c ++++ b/ldap/servers/slapd/auditlog.c +@@ -177,6 +177,40 @@ write_auditfail_log_entry(Slapi_PBlock *pb) + slapi_ch_free_string(&audit_config); + } + ++/* ++ * Write the attribute values to the audit log as "comments" ++ * ++ * Slapi_Attr *entry - the attribute begin logged. ++ * char *attrname - the attribute name. ++ * lenstr *l - the audit log buffer ++ * ++ * Resulting output in the log: ++ * ++ * #ATTR: VALUE ++ * #ATTR: VALUE ++ */ ++static void ++log_entry_attr(Slapi_Attr *entry_attr, char *attrname, lenstr *l) ++{ ++ Slapi_Value **vals = attr_get_present_values(entry_attr); ++ for(size_t i = 0; vals && vals[i]; i++) { ++ char log_val[256] = ""; ++ const struct berval *bv = slapi_value_get_berval(vals[i]); ++ if (bv->bv_len >= 256) { ++ strncpy(log_val, bv->bv_val, 252); ++ strcpy(log_val+252, "..."); ++ } else { ++ strncpy(log_val, bv->bv_val, bv->bv_len); ++ log_val[bv->bv_len] = 0; ++ } ++ addlenstr(l, "#"); ++ addlenstr(l, attrname); ++ addlenstr(l, ": "); ++ addlenstr(l, log_val); ++ addlenstr(l, "\n"); ++ } ++} ++ + /* + * Write "requested" attributes from the entry to the audit log as "comments" + * +@@ -212,21 +246,9 @@ add_entry_attrs(Slapi_Entry *entry, lenstr *l) + for (req_attr = ldap_utf8strtok_r(display_attrs, ", ", &last); req_attr; + req_attr = ldap_utf8strtok_r(NULL, ", ", &last)) + { +- char **vals = slapi_entry_attr_get_charray(entry, req_attr); +- for(size_t i = 0; vals && vals[i]; i++) { +- char log_val[256] = {0}; +- +- if (strlen(vals[i]) > 256) { +- strncpy(log_val, vals[i], 252); +- strcat(log_val, "..."); +- } else { +- strcpy(log_val, vals[i]); +- } +- addlenstr(l, "#"); +- addlenstr(l, req_attr); +- addlenstr(l, ": "); +- addlenstr(l, log_val); +- addlenstr(l, "\n"); ++ slapi_entry_attr_find(entry, req_attr, &entry_attr); ++ if (entry_attr) { ++ log_entry_attr(entry_attr, req_attr, l); + } + } + } else { +@@ -234,7 +256,6 @@ add_entry_attrs(Slapi_Entry *entry, lenstr *l) + for (; entry_attr; entry_attr = entry_attr->a_next) { + Slapi_Value **vals = attr_get_present_values(entry_attr); + char *attr = NULL; +- const char *val = NULL; + + slapi_attr_get_type(entry_attr, &attr); + if (strcmp(attr, PSEUDO_ATTR_UNHASHEDUSERPASSWORD) == 0) { +@@ -251,23 +272,7 @@ add_entry_attrs(Slapi_Entry *entry, lenstr *l) + addlenstr(l, ": ****************************\n"); + continue; + } +- +- for(size_t i = 0; vals && vals[i]; i++) { +- char log_val[256] = {0}; +- +- val = slapi_value_get_string(vals[i]); +- if (strlen(val) > 256) { +- strncpy(log_val, val, 252); +- strcat(log_val, "..."); +- } else { +- strcpy(log_val, val); +- } +- addlenstr(l, "#"); +- addlenstr(l, attr); +- addlenstr(l, ": "); +- addlenstr(l, log_val); +- addlenstr(l, "\n"); +- } ++ log_entry_attr(entry_attr, attr, l); + } + } + slapi_ch_free_string(&display_attrs); diff --git a/CVE-2024-1062-2.patch b/CVE-2024-1062-2.patch new file mode 100644 index 0000000000000000000000000000000000000000..80457474325218be78d4e04e107fdfc3a3da3f63 --- /dev/null +++ b/CVE-2024-1062-2.patch @@ -0,0 +1,24 @@ +From be7c2b82958e91ce08775bf6b5da3c311d3b00e5 Mon Sep 17 00:00:00 2001 +From: progier389 +Date: Mon, 20 Feb 2023 16:14:05 +0100 +Subject: [PATCH] Issue 5647 - Fix unused variable warning from previous commit + (#5670) + +* issue 5647 - memory leak in audit log when adding entries +* Issue 5647 - Fix unused variable warning from previous commit +--- + ldap/servers/slapd/auditlog.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c +index 3128e04974..0597ecc6f1 100644 +--- a/ldap/servers/slapd/auditlog.c ++++ b/ldap/servers/slapd/auditlog.c +@@ -254,7 +254,6 @@ add_entry_attrs(Slapi_Entry *entry, lenstr *l) + } else { + /* Return all attributes */ + for (; entry_attr; entry_attr = entry_attr->a_next) { +- Slapi_Value **vals = attr_get_present_values(entry_attr); + char *attr = NULL; + + slapi_attr_get_type(entry_attr, &attr);