Blame SOURCES/0021-fix-for-cve-2017-2668-simple-return-text-if-suffix-n.patch

From ea60248d99abb8fed9f7a2b1ab7325c5523b8562 Mon Sep 17 00:00:00 2001
From: Ludwig Krispenz <lkrispen@redhat.com>
Date: Mon, 3 Apr 2017 09:32:20 +0200
Subject: [PATCH] fix for cve 2017-2668 - simple return text if suffix not
 found
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1436575
Signed-off-by: Mark Reynolds <mreynolds@redhat.com>
---
 ldap/servers/slapd/defbackend.c | 75 ++---------------------------------------
 1 file changed, 2 insertions(+), 73 deletions(-)
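diff --git a/ldap/servers/slapd/defbackend.c b/ldap/servers/slapd/defbackend.c
index 6fd74a3..6cd2c04 100644
--- a/ldap/servers/slapd/defbackend.c
+++ b/ldap/servers/slapd/defbackend.c
@@ -166,50 +166,7 @@ defbackend_abandon( Slapi_PBlock *pb )
 }
 
 
-#define DEFBE_NO_SUCH_SUFFIX "No such suffix"
-/*
- * Generate a "No such suffix" return text
- * Example:
- *   cn=X,dc=bogus,dc=com ==> "No such suffix (dc=bogus,dc=com)" 
- *     if the last rdn starts with "dc=", print all last dc= rdn's.
- *   cn=X,cn=bogus ==> "No such suffix (cn=bogus)"
- *     otherwise, print the very last rdn.
- *   cn=X,z=bogus ==> "No such suffix (x=bogus)"
- *     it is true even if it is an invalid rdn.
- *   cn=X,bogus ==> "No such suffix (bogus)"
- *     another example of invalid rdn.
- */
-static void
-_defbackend_gen_returntext(char *buffer, size_t buflen, char **dns)
-{
-    int dnidx;
-    int sidx;
-    struct suffix_repeat {
-        char *suffix;
-        int size;
-    } candidates[] = {
-        {"dc=", 3}, /* dc could be repeated.  otherwise the last rdn is used. */
-        {NULL, 0}
-    };
-    PR_snprintf(buffer, buflen, "%s (", DEFBE_NO_SUCH_SUFFIX);
-    for (dnidx = 0; dns[dnidx]; dnidx++) ; /* finding the last */
-    dnidx--; /* last rdn */
-    for (sidx = 0; candidates[sidx].suffix; sidx++) {
-        if (!PL_strncasecmp(dns[dnidx], candidates[sidx].suffix, candidates[sidx].size)) {
-            while (!PL_strncasecmp(dns[--dnidx], candidates[sidx].suffix, candidates[sidx].size)) ;
-            PL_strcat(buffer, dns[++dnidx]); /* the first "dn=", e.g. */
-            for (++dnidx; dns[dnidx]; dnidx++) {
-                PL_strcat(buffer, ",");
-                PL_strcat(buffer, dns[dnidx]);
-            }
-            PL_strcat(buffer, ")");
-            return; /* finished the task */
-        }
-    }
-    PL_strcat(buffer, dns[dnidx]);
-    PL_strcat(buffer, ")");
-    return;
-}
+#define DEFBE_NO_SUCH_SUFFIX "No suffix for bind dn found"
 
 static int
 defbackend_bind( Slapi_PBlock *pb )
@@ -231,36 +188,8 @@ defbackend_bind( Slapi_PBlock *pb )
         slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsAnonymousBinds);
         rc = SLAPI_BIND_ANONYMOUS;
     } else {
-        Slapi_DN *sdn = NULL;
-        char *suffix = NULL;
-        char **dns = NULL;
-        
-        if (pb->pb_op) {
-            sdn = operation_get_target_spec(pb->pb_op);
-            if (sdn) {
-                dns = slapi_ldap_explode_dn(slapi_sdn_get_dn(sdn), 0);
-                if (dns) {
-                    size_t dnlen = slapi_sdn_get_ndn_len(sdn);
-                    size_t len = dnlen + sizeof(DEFBE_NO_SUCH_SUFFIX) + 4;
-                    suffix = slapi_ch_malloc(len);
-                    if (dnlen) {
-                        _defbackend_gen_returntext(suffix, len, dns);
-                    } else {
-                        PR_snprintf(suffix, len, "%s", DEFBE_NO_SUCH_SUFFIX);
-                    }
-                }
-            }
-        }
-        if (suffix) {
-            slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, suffix);
-        } else {
-            slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, DEFBE_NO_SUCH_SUFFIX);
-        }
+        slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, DEFBE_NO_SUCH_SUFFIX);
         send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL, "", 0, NULL);
-        if (dns) {
-            slapi_ldap_value_free(dns);
-        }
-        slapi_ch_free_string(&suffix);
         rc = SLAPI_BIND_FAIL;
     }
 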
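Review bot: The new `DEFBE_NO_SUCH_SUFFIX` define and the single `slapi_pblock_set` call in `defbackend_bind` carry no comment recording that the result text is constant on purpose, so a later change could reintroduce per-request text built from the client-supplied bind DN. I would add above the define `/* Constant on purpose: do not derive this text from the client-supplied bind DN (CVE-2017-2668). */`. The diffstat lists only defbackend.c, so no regression test accompanies the fix; a test that binds with a DN under no configured suffix and expects LDAP_INVALID_CREDENTIALS with this fixed text would pin the behaviour. The text still tells an unauthenticated client that no backend serves the DN, which may deserve a deliberate decision if the suffix layout is considered sensitive. `defbackend_bind` begins and ends outside both hunks.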
-- 
2.9.3