diff options
Diffstat (limited to '')
| -rw-r--r-- | debian/patches/ITS-9404-fix-serialNumberAndIssuerCheck.patch | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/debian/patches/ITS-9404-fix-serialNumberAndIssuerCheck.patch b/debian/patches/ITS-9404-fix-serialNumberAndIssuerCheck.patch new file mode 100644 index 0000000..de25ed2 --- /dev/null +++ b/debian/patches/ITS-9404-fix-serialNumberAndIssuerCheck.patch @@ -0,0 +1,58 @@ +From 38ac838e4150c626bbfa0082b7e2cf3a2bb4df31 Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Mon, 23 Nov 2020 17:14:00 +0000 +Subject: [PATCH] ITS#9404 fix serialNumberAndIssuerCheck + +Tighten validity checks +--- + servers/slapd/schema_init.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c +index 834f54593d..5b577607de 100644 +--- a/servers/slapd/schema_init.c ++++ b/servers/slapd/schema_init.c +@@ -3193,7 +3193,7 @@ serialNumberAndIssuerCheck( + + if( in->bv_len < 3 ) return LDAP_INVALID_SYNTAX; + +- if( in->bv_val[0] != '{' && in->bv_val[in->bv_len-1] != '}' ) { ++ if( in->bv_val[0] != '{' || in->bv_val[in->bv_len-1] != '}' ) { + /* Parse old format */ + is->bv_val = ber_bvchr( in, '$' ); + if( BER_BVISNULL( is ) ) return LDAP_INVALID_SYNTAX; +@@ -3224,7 +3224,7 @@ serialNumberAndIssuerCheck( + HAVE_ALL = ( HAVE_ISSUER | HAVE_SN ) + } have = HAVE_NONE; + +- int numdquotes = 0; ++ int numdquotes = 0, gotquote; + struct berval x = *in; + struct berval ni; + x.bv_val++; +@@ -3266,11 +3266,12 @@ serialNumberAndIssuerCheck( + is->bv_val = x.bv_val; + is->bv_len = 0; + +- for ( ; is->bv_len < x.bv_len; ) { ++ for ( gotquote=0; is->bv_len < x.bv_len; ) { + if ( is->bv_val[is->bv_len] != '"' ) { + is->bv_len++; + continue; + } ++ gotquote = 1; + if ( is->bv_val[is->bv_len+1] == '"' ) { + /* double dquote */ + numdquotes++; +@@ -3279,6 +3280,8 @@ serialNumberAndIssuerCheck( + } + break; + } ++ if ( !gotquote ) return LDAP_INVALID_SYNTAX; ++ + x.bv_val += is->bv_len + 1; + x.bv_len -= is->bv_len + 1; + +-- +2.20.1 + |