rpms / slapi-nis

Clone
Source Code
GIT

Blame SOURCES/cve-2021-3480-fix.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-DL1 c8-beta-stream-client c8-stream-DL1 c8-stream-client c8s-stream-DL1 c8s-stream-client c9 c9-beta
  1.   5e0101f891c5c56c35579b454989775e098a1e3d
  2.   SOURCES
  3.   cve-2021-3480-fix.patch
Blob History Raw
f1e19a 
From 2f2b7ecd9d6a0f5044c24e4f96464942a1d873db Mon Sep 17 00:00:00 2001
f1e19a 
From: Alexander Bokovoy <abokovoy@redhat.com>
f1e19a 
Date: Wed, 7 Apr 2021 14:40:52 +0300
f1e19a 
Subject: [PATCH] CVE-2021-3480: invalid bind DN crash
f1e19a
f1e19a 
For certain LDAP bind operations 389-ds would pass unvalidated bind DN
f1e19a 
to bind plugins. A first attempt to normalize the DN would find that out
f1e19a 
and should reject the request.
f1e19a
f1e19a 
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
f1e19a 
---
f1e19a 
 src/back-sch.c | 5 +++++
f1e19a 
 1 file changed, 5 insertions(+)
f1e19a
f1e19a 
diff --git a/src/back-sch.c b/src/back-sch.c
f1e19a 
index a5e4c04..d806627 100644
f1e19a 
--- a/src/back-sch.c
f1e19a 
+++ b/src/back-sch.c
f1e19a 
@@ -1988,6 +1988,11 @@ backend_locate_cb(const char *group, const char *set, bool_t flag,
f1e19a 
 		rdn = slapi_rdn_new_sdn(cbdata->target_dn);
f1e19a 
 		if (rdn != NULL) {
f1e19a 
 			rdnstr = slapi_rdn_get_nrdn(rdn);
f1e19a 
+			if (rdnstr == NULL) {
f1e19a 
+				/* normalizing RDN failed, break the search */
f1e19a 
+				slapi_rdn_free(&rdn;;
f1e19a 
+				return FALSE;
f1e19a 
+			}
f1e19a 
 			if (map_match(cbdata->state, group, set, &flag,
f1e19a 
 				      strlen(rdnstr), rdnstr,
f1e19a 
 				      &ndnlen, &ndn,
f1e19a 
--
f1e19a 
2.31.1
f1e19a

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation