Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/external/bsd/openldap/dist/servers/slapd/overlays Apply: htt...
details: https://anonhg.NetBSD.org/src/rev/4ce313988391
branches: trunk
changeset: 806176:4ce313988391
user: christos <christos%NetBSD.org@localhost>
date: Sat Feb 07 17:58:23 2015 +0000
description:
Apply: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;\
h=c32e74763f77675b9e144126e375977ed6dc562c
The deref overlay in slapd 2.4.13 through 2.4.40 dereferences a NULL
pointer when a search request includes the Deref control with an empty
list of attributes to return (missing input validation). [CVE-2015-1545]
XXX: Pullup-7
diffstat:
external/bsd/openldap/dist/servers/slapd/overlays/deref.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diffs (19 lines):
diff -r 0cfcce3b26d7 -r 4ce313988391 external/bsd/openldap/dist/servers/slapd/overlays/deref.c
--- a/external/bsd/openldap/dist/servers/slapd/overlays/deref.c Sat Feb 07 17:56:59 2015 +0000
+++ b/external/bsd/openldap/dist/servers/slapd/overlays/deref.c Sat Feb 07 17:58:23 2015 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: deref.c,v 1.1.1.3 2014/05/28 09:58:52 tron Exp $ */
+/* $NetBSD: deref.c,v 1.2 2015/02/07 17:58:23 christos Exp $ */
/* deref.c - dereference overlay */
/* $OpenLDAP$ */
@@ -185,7 +185,8 @@
ber_len_t cnt = sizeof(struct berval);
ber_len_t off = 0;
- if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR )
+ if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR
+ || !cnt )
{
rs->sr_text = "Dereference control: derefSpec decoding error";
rs->sr_err = LDAP_PROTOCOL_ERROR;
Home |
Main Index |
Thread Index |
Old Index