diff --git a/SOURCES/openldap-cldap-check-for-error-on-connected-socket.patch b/SOURCES/openldap-cldap-check-for-error-on-connected-socket.patch
new file mode 100644
index 0000000..bade69a
--- /dev/null
+++ b/SOURCES/openldap-cldap-check-for-error-on-connected-socket.patch
@@ -0,0 +1,41 @@
+From ec5eba5393e5cc65b05e54658c55500cdbff775a Mon Sep 17 00:00:00 2001
+From: Howard Chu
+Date: Wed, 26 Aug 2020 13:22:52 +0100
+Subject: [PATCH 01/34] ITS#9328 cldap: check for error on connected socket
+
+libldap doesn't use a connected socket for UDP sessions, but 3rd
+parties can, passed in with ldap_init_fd().
+---
+ libraries/libldap/result.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/libraries/libldap/result.c b/libraries/libldap/result.c
+index bdced135b..e2b220630 100644
+--- a/libraries/libldap/result.c
++++ b/libraries/libldap/result.c
+@@ -486,7 +486,8 @@ retry:
+ #ifdef LDAP_CONNECTIONLESS
+ if ( LDAP_IS_UDP(ld) ) {
+ struct sockaddr_storage from;
+- ber_int_sb_read( lc->lconn_sb, &from, sizeof(struct sockaddr_storage) );
++ if ( ber_int_sb_read( lc->lconn_sb, &from, sizeof(struct sockaddr_storage) ) < 0 )
++ goto fail;
+ if ( ld->ld_options.ldo_version == LDAP_VERSION2 ) isv2 = 1;
+ }
+ nextresp3:
+@@ -502,10 +503,11 @@ nextresp3:
+ break;
+
+ case LBER_DEFAULT:
++fail:
+ err = sock_errno();
+ #ifdef LDAP_DEBUG
+ Debug( LDAP_DEBUG_CONNS,
+- "ber_get_next failed.\n", 0, 0, 0 );
++ "ber_get_next failed, errno=%d.\n", err, 0, 0 );
+ #endif
+ if ( err == EWOULDBLOCK ) return LDAP_MSG_X_KEEP_LOOKING;
+ if ( err == EAGAIN ) return LDAP_MSG_X_KEEP_LOOKING;
+--
+2.26.2
+
diff --git a/SPECS/openldap.spec b/SPECS/openldap.spec
index 937b7a3..af1ba5d 100644
--- a/SPECS/openldap.spec
+++ b/SPECS/openldap.spec
@@ -5,7 +5,7 @@ Name: openldap Version: 2.4.46 -Release: 15%{?dist} +Release: 16%{?dist} Summary: LDAP support libraries License: OpenLDAP URL: http://www.openldap.org/
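Review bot: The shared `fail:` path in the second hunk of the embedded result.c patch still logs `ber_get_next failed, errno=%d.` when it is entered through the new `goto fail` after `ber_int_sb_read`, so a failed datagram read on a connected CLDAP socket is attributed to the wrong call in LDAP_DEBUG_CONNS traces. A neutral message such as `"read failed, errno=%d.\n"` would keep the trace accurate for both entries. The `goto fail` sits under `#ifdef LDAP_CONNECTIONLESS` while the `fail:` label appears to be outside that guard, which would leave an unused label in builds without that option; wrapping the label in the same `#ifdef` avoids the warning. Only a negative return from `ber_int_sb_read` is treated as an error, and whether a zero or short return can still reach `ber_get_next` is not visible here, so that is worth confirming. The enclosing function starts before and continues past both hunks.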
@@ -26,6 +26,7 @@ Patch2: openldap-reentrant-gethostby.patch Patch3: openldap-smbk5pwd-overlay.patch Patch5: openldap-ai-addrconfig.patch Patch17: openldap-allop-overlay.patch +Patch18: openldap-cldap-check-for-error-on-connected-socket.patch # fix back_perl problems with lt_dlopen() # might cause crashes because of symbol collisions @@ -130,6 +131,7 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi %patch3 -p1 %patch5 -p1 %patch17 -p1 +%patch18 -p1 %patch19 -p1 %patch20 -p1 %patch22 -p1 @@ -518,6 +520,9 @@ exit 0 %{_mandir}/man3/* %changelog +* Thu Sep 10 2020 Simon Pichugin - 2.4.46-16 +- CLDAP ldap_result hangs if nobody listens on the port (#1875361) + * Thu Jun 18 2020 Matus Honek - 2.4.46-15 - Fix covscan issues from previous release (#1822737)