Blame SOURCES/0029-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch

7c7f29
From 114221f292d0f8609d98bdad59feb3d460639673 Mon Sep 17 00:00:00 2001
7c7f29
From: Ludwig Krispenz <lkrispen@redhat.com>
7c7f29
Date: Thu, 4 Aug 2016 11:45:49 -0700
7c7f29
Subject: [PATCH 29/29] Bug 1347760 - CVE-2016-4992 389-ds-base: Information
7c7f29
 disclosure via repeated use of LDAP ADD operation, etc.
7c7f29
7c7f29
Description: do not overwrite rc used to decide if bind was successful.
7c7f29
When the bind is through ldapi/autobind, an entry does not exist to be
7c7f29
checked with slapi_check_account_lock.  In that case, a variable rc is
7c7f29
not supposed to be modified which confuses the following code path.
7c7f29
7c7f29
Reviewed by nhosoi@redhat.com.
7c7f29
7c7f29
(cherry picked from commit caa351ae0cc81cbf2309a43c5f74b359cda152d0)
7c7f29
---
7c7f29
 ldap/servers/slapd/bind.c | 6 ++++--
7c7f29
 1 file changed, 4 insertions(+), 2 deletions(-)
7c7f29
7c7f29
diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
7c7f29
index c271577..3054c1f 100644
7c7f29
--- a/ldap/servers/slapd/bind.c
7c7f29
+++ b/ldap/servers/slapd/bind.c
7c7f29
@@ -775,10 +775,12 @@ do_bind( Slapi_PBlock *pb )
7c7f29
                      */
7c7f29
                     if (!slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA)) {
7c7f29
                         bind_target_entry = get_entry(pb, slapi_sdn_get_ndn(sdn));
7c7f29
-                        rc = slapi_check_account_lock(pb, bind_target_entry, pw_response_requested, 1, 1);
7c7f29
-                        if (1 == rc) { /* account is locked */
7c7f29
+                        myrc = slapi_check_account_lock(pb, bind_target_entry, pw_response_requested, 1, 1);
7c7f29
+                        if (1 == myrc) { /* account is locked */
7c7f29
+                            rc = myrc;
7c7f29
                             goto account_locked;
7c7f29
                         }
7c7f29
+                        myrc = 0;
7c7f29
                     }
7c7f29
                     if (!auto_bind) {
7c7f29
                         /* 
7c7f29
-- 
7c7f29
2.4.11
7c7f29