Blob Blame History Raw
From 2f2b7ecd9d6a0f5044c24e4f96464942a1d873db Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Wed, 7 Apr 2021 14:40:52 +0300
Subject: [PATCH] CVE-2021-3480: invalid bind DN crash

For certain LDAP bind operations 389-ds would pass unvalidated bind DN
to bind plugins. A first attempt to normalize the DN would find that out
and should reject the request.

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
 src/back-sch.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/back-sch.c b/src/back-sch.c
index a5e4c04..d806627 100644
--- a/src/back-sch.c
+++ b/src/back-sch.c
@@ -1988,6 +1988,11 @@ backend_locate_cb(const char *group, const char *set, bool_t flag,
 		rdn = slapi_rdn_new_sdn(cbdata->target_dn);
 		if (rdn != NULL) {
 			rdnstr = slapi_rdn_get_nrdn(rdn);
+			if (rdnstr == NULL) {
+				/* normalizing RDN failed, break the search */
+				slapi_rdn_free(&rdn);
+				return FALSE;
+			}
 			if (map_match(cbdata->state, group, set, &flag,
 				      strlen(rdnstr), rdnstr,
 				      &ndnlen, &ndn,
-- 
2.31.1