rpms / curl

Clone
Source Code
GIT

Blame SOURCES/0062-curl-7.29.0-CVE-2018-1000121.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   f0f8d7eb232b023d7cb9dfb16851b7e02d822922
  2.   SOURCES
  3.   0062-curl-7.29.0-CVE-2018-1000121.patch
Blob History Raw
f0f8d7 
From 1d7bcc866591aba5788dc6c701ef8b564d09e329 Mon Sep 17 00:00:00 2001
f0f8d7 
From: Daniel Stenberg <daniel@haxx.se>
f0f8d7 
Date: Tue, 6 Mar 2018 23:02:16 +0100
f0f8d7 
Subject: [PATCH] openldap: check ldap_get_attribute_ber() results for NULL
f0f8d7 
 before using
f0f8d7
f0f8d7 
CVE-2018-1000121
f0f8d7 
Reported-by: Dario Weisser
f0f8d7 
Bug: https://curl.haxx.se/docs/adv_2018-97a2.html
f0f8d7
f0f8d7 
Upstream-commit: 9889db043393092e9d4b5a42720bba0b3d58deba
f0f8d7 
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
f0f8d7 
---
f0f8d7 
 lib/openldap.c | 8 ++++----
f0f8d7 
 1 file changed, 4 insertions(+), 4 deletions(-)
f0f8d7
f0f8d7 
diff --git a/lib/openldap.c b/lib/openldap.c
f0f8d7 
index 369309c..d71946d 100644
f0f8d7 
--- a/lib/openldap.c
f0f8d7 
+++ b/lib/openldap.c
f0f8d7 
@@ -435,7 +435,7 @@ static ssize_t ldap_recv(struct connectdata *conn, int sockindex, char *buf,
f0f8d7
f0f8d7 
   for(ent = ldap_first_message(li->ld, result); ent;
f0f8d7 
     ent = ldap_next_message(li->ld, ent)) {
f0f8d7 
-    struct berval bv, *bvals, **bvp = &bvals;
f0f8d7 
+    struct berval bv, *bvals;
f0f8d7 
     int binary = 0, msgtype;
f0f8d7
f0f8d7 
     msgtype = ldap_msgtype(ent);
f0f8d7 
@@ -481,9 +481,9 @@ static ssize_t ldap_recv(struct connectdata *conn, int sockindex, char *buf,
f0f8d7 
     Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 1);
f0f8d7 
     data->req.bytecount += bv.bv_len + 5;
f0f8d7
f0f8d7 
-    for(rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, bvp);
f0f8d7 
-      rc == LDAP_SUCCESS;
f0f8d7 
-      rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, bvp)) {
f0f8d7 
+    for(rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, &bvals);
f0f8d7 
+        (rc == LDAP_SUCCESS) && bvals;
f0f8d7 
+        rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, &bvals)) {
f0f8d7 
       int i;
f0f8d7
f0f8d7 
       if(bv.bv_val == NULL) break;
f0f8d7 
--
f0f8d7 
2.14.3
f0f8d7

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation