From 2f2b7ecd9d6a0f5044c24e4f96464942a1d873db Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Wed, 7 Apr 2021 14:40:52 +0300 Subject: [PATCH] CVE-2021-3480: invalid bind DN crash For certain LDAP bind operations 389-ds would pass unvalidated bind DN to bind plugins. A first attempt to normalize the DN would find that out and should reject the request. Signed-off-by: Alexander Bokovoy --- src/back-sch.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/back-sch.c b/src/back-sch.c index a5e4c04..d806627 100644 --- a/src/back-sch.c +++ b/src/back-sch.c @@ -1988,6 +1988,11 @@ backend_locate_cb(const char *group, const char *set, bool_t flag, rdn = slapi_rdn_new_sdn(cbdata->target_dn); if (rdn != NULL) { rdnstr = slapi_rdn_get_nrdn(rdn); + if (rdnstr == NULL) { + /* normalizing RDN failed, break the search */ + slapi_rdn_free(&rdn); + return FALSE; + } if (map_match(cbdata->state, group, set, &flag, strlen(rdnstr), rdnstr, &ndnlen, &ndn, -- 2.31.1