From 07b6f3452b8975f47803a70069ec5f21725e214a Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: May 19 2021 07:12:04 +0000 Subject: import slapi-nis-0.56.5-4.el7_9 --- diff --git a/SOURCES/cve-2021-3480-fix.patch b/SOURCES/cve-2021-3480-fix.patch new file mode 100644 index 0000000..592c2d3 --- /dev/null +++ b/SOURCES/cve-2021-3480-fix.patch @@ -0,0 +1,33 @@ +From 2f2b7ecd9d6a0f5044c24e4f96464942a1d873db Mon Sep 17 00:00:00 2001 +From: Alexander Bokovoy +Date: Wed, 7 Apr 2021 14:40:52 +0300 +Subject: [PATCH] CVE-2021-3480: invalid bind DN crash + +For certain LDAP bind operations 389-ds would pass unvalidated bind DN +to bind plugins. A first attempt to normalize the DN would find that out +and should reject the request. + +Signed-off-by: Alexander Bokovoy +--- + src/back-sch.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/back-sch.c b/src/back-sch.c +index a5e4c04..d806627 100644 +--- a/src/back-sch.c ++++ b/src/back-sch.c +@@ -1988,6 +1988,11 @@ backend_locate_cb(const char *group, const char *set, bool_t flag, + rdn = slapi_rdn_new_sdn(cbdata->target_dn); + if (rdn != NULL) { + rdnstr = slapi_rdn_get_nrdn(rdn); ++ if (rdnstr == NULL) { ++ /* normalizing RDN failed, break the search */ ++ slapi_rdn_free(&rdn); ++ return FALSE; ++ } + if (map_match(cbdata->state, group, set, &flag, + strlen(rdnstr), rdnstr, + &ndnlen, &ndn, +-- +2.31.1 + diff --git a/SPECS/slapi-nis.spec b/SPECS/slapi-nis.spec index ef872e6..8d64830 100644 --- a/SPECS/slapi-nis.spec +++ b/SPECS/slapi-nis.spec @@ -11,7 +11,7 @@ Name: slapi-nis Version: 0.56.5 -Release: 3%{?dist} +Release: 4%{?dist} Summary: NIS Server and Schema Compatibility plugins for Directory Server Group: System Environment/Daemons License: GPLv2 @@ -20,6 +20,7 @@ Source0: https://releases.pagure.org/slapi-nis/slapi-nis-%{version}.tar.gz Source1: https://releases.pagure.org/slapi-nis/slapi-nis-%{version}.tar.gz.asc Patch1: slapi-nis-bz1832190.patch Patch2: slapi-nis-fix-valgrind-issues.patch +Patch3: cve-2021-3480-fix.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: autoconf @@ -67,6 +68,7 @@ for attributes from multiple entries in the tree. %setup -q %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build libtoolize -f -c @@ -102,6 +104,10 @@ rm -rf $RPM_BUILD_ROOT %{_sbindir}/nisserver-plugin-defs %changelog +* Wed Apr 07 2021 Alexander Bokovoy - 0.56.5-4 +- CVE 2021-3480: slapi-nis: NULL dereference (DoS) with specially crafted Binding DN +- Resolves: rhbz#1942937 + * Fri Jan 29 2021 Alexander Bokovoy - 0.56.5-3 - Fix memory leaks in ID views processing - Resolves: rhbz#1866113