summaryrefslogtreecommitdiffstats
path: root/debian/patches/ITS-9404-fix-serialNumberAndIssuerCheck.patch
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/ITS-9404-fix-serialNumberAndIssuerCheck.patch')
-rw-r--r--debian/patches/ITS-9404-fix-serialNumberAndIssuerCheck.patch58
1 files changed, 58 insertions, 0 deletions
diff --git a/debian/patches/ITS-9404-fix-serialNumberAndIssuerCheck.patch b/debian/patches/ITS-9404-fix-serialNumberAndIssuerCheck.patch
new file mode 100644
index 0000000..de25ed2
--- /dev/null
+++ b/debian/patches/ITS-9404-fix-serialNumberAndIssuerCheck.patch
@@ -0,0 +1,58 @@
+From 38ac838e4150c626bbfa0082b7e2cf3a2bb4df31 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Mon, 23 Nov 2020 17:14:00 +0000
+Subject: [PATCH] ITS#9404 fix serialNumberAndIssuerCheck
+
+Tighten validity checks
+---
+ servers/slapd/schema_init.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
+index 834f54593d..5b577607de 100644
+--- a/servers/slapd/schema_init.c
++++ b/servers/slapd/schema_init.c
+@@ -3193,7 +3193,7 @@ serialNumberAndIssuerCheck(
+
+ if( in->bv_len < 3 ) return LDAP_INVALID_SYNTAX;
+
+- if( in->bv_val[0] != '{' && in->bv_val[in->bv_len-1] != '}' ) {
++ if( in->bv_val[0] != '{' || in->bv_val[in->bv_len-1] != '}' ) {
+ /* Parse old format */
+ is->bv_val = ber_bvchr( in, '$' );
+ if( BER_BVISNULL( is ) ) return LDAP_INVALID_SYNTAX;
+@@ -3224,7 +3224,7 @@ serialNumberAndIssuerCheck(
+ HAVE_ALL = ( HAVE_ISSUER | HAVE_SN )
+ } have = HAVE_NONE;
+
+- int numdquotes = 0;
++ int numdquotes = 0, gotquote;
+ struct berval x = *in;
+ struct berval ni;
+ x.bv_val++;
+@@ -3266,11 +3266,12 @@ serialNumberAndIssuerCheck(
+ is->bv_val = x.bv_val;
+ is->bv_len = 0;
+
+- for ( ; is->bv_len < x.bv_len; ) {
++ for ( gotquote=0; is->bv_len < x.bv_len; ) {
+ if ( is->bv_val[is->bv_len] != '"' ) {
+ is->bv_len++;
+ continue;
+ }
++ gotquote = 1;
+ if ( is->bv_val[is->bv_len+1] == '"' ) {
+ /* double dquote */
+ numdquotes++;
+@@ -3279,6 +3280,8 @@ serialNumberAndIssuerCheck(
+ }
+ break;
+ }
++ if ( !gotquote ) return LDAP_INVALID_SYNTAX;
++
+ x.bv_val += is->bv_len + 1;
+ x.bv_len -= is->bv_len + 1;
+
+--
+2.20.1
+