Blame SOURCES/0001-Bug-2027783-CVE-2021-4091-389-ds-base-double-free-of.patch

From d41352806f44c47a9e99f9eb1b0bdfef7b0aa4f4 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Tue, 25 Jan 2022 12:27:02 -0500
Subject: [PATCH] Bug 2027783 - CVE-2021-4091 389-ds-base: double-free of the
 virtual attribute context in persistent search

Description:  Fix double free.  The double free is related to
persistent search req.   It was introduced with i
https://pagure.io/389-ds-base/issue/49097

Reviewed by: mreynolds, progier, jchapman
---
 ldap/servers/slapd/pblock.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
index 94e7c0ab7..56bbfc92e 100644
--- a/ldap/servers/slapd/pblock.c
+++ b/ldap/servers/slapd/pblock.c
@@ -330,6 +330,8 @@ slapi_pblock_clone(Slapi_PBlock *pb)
     if (pb->pb_intplugin != NULL) {
         _pblock_assert_pb_intplugin(new_pb);
         *(new_pb->pb_intplugin) = *(pb->pb_intplugin);
+        /* Make sure that only the cloned pblock refers to vattr_context */
+        pb->pb_intplugin->pb_vattr_context = NULL;
     }
     if (pb->pb_deprecated != NULL) {
         _pblock_assert_pb_deprecated(new_pb);
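Review bot: The added assignment `pb->pb_intplugin->pb_vattr_context = NULL;` makes slapi_pblock_clone() modify the pblock it was asked to copy, and only the inline comment says so. Because this is an ownership transfer of the vattr context from `pb` to `new_pb`, please state it in the function's header comment so callers know the source pblock no longer has a vattr context after the call, and confirm that no caller reads the vattr context through `pb` after cloning. The preceding `*(new_pb->pb_intplugin) = *(pb->pb_intplugin);` is a shallow struct copy, so any other pointer member of pb_intplugin that either pblock frees on teardown would still be shared between the two; it is worth checking whether pb_vattr_context is the only member that needs this treatment.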
-- 
2.31.1