diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 01:23:54 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 01:23:54 +0000 |
commit | fe2751bf1e0388ddfa3fdfa88ed70b2bc94e2173 (patch) | |
tree | 5f743c2fcc2c85b0363602a14ac3753bc5a19abc /debian/patches/ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch | |
parent | Adding upstream version 2.4.47+dfsg. (diff) | |
download | openldap-fe2751bf1e0388ddfa3fdfa88ed70b2bc94e2173.tar.xz openldap-fe2751bf1e0388ddfa3fdfa88ed70b2bc94e2173.zip |
Adding debian version 2.4.47+dfsg-3+deb10u7.debian/2.4.47+dfsg-3+deb10u7debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch')
-rw-r--r-- | debian/patches/ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/debian/patches/ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch b/debian/patches/ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch new file mode 100644 index 0000000..618eb3d --- /dev/null +++ b/debian/patches/ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch @@ -0,0 +1,45 @@ +From 4bdfffd2889c0c5cdf58bebafbdc8fce4bb2bff0 Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Mon, 14 Dec 2020 20:05:44 +0000 +Subject: [PATCH] ITS#9425 add more checks to ldap_X509dn2bv + +--- + libraries/libldap/tls2.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c +index e0c82fa9f8..193d20fdfa 100644 +--- a/libraries/libldap/tls2.c ++++ b/libraries/libldap/tls2.c +@@ -1248,6 +1248,8 @@ ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func, + for ( tag = ber_first_element( ber, &len, &rdn_end ); + tag == LBER_SEQUENCE; + tag = ber_next_element( ber, &len, rdn_end )) { ++ if ( rdn_end > dn_end ) ++ return LDAP_DECODING_ERROR; + tag = ber_skip_tag( ber, &len ); + ber_skip_data( ber, len ); + navas++; +@@ -1257,7 +1259,7 @@ ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func, + /* Rewind and prepare to extract */ + ber_rewind( ber ); + tag = ber_first_element( ber, &len, &dn_end ); +- if ( tag == LBER_DEFAULT ) ++ if ( tag != LBER_SET ) + return LDAP_DECODING_ERROR; + + /* Allocate the DN/RDN/AVA stuff as a single block */ +@@ -1370,6 +1372,10 @@ allocd: + /* X.690 bitString value converted to RFC4517 Bit String */ + rc = der_to_ldap_BitString( &Val, &newAVA->la_value ); + goto allocd; ++ case LBER_DEFAULT: ++ /* decode error */ ++ rc = LDAP_DECODING_ERROR; ++ goto nomem; + default: + /* Not a string type at all */ + newAVA->la_flags = 0; +-- +2.20.1 + |