packages/nss-pam-ldapd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:f89a1d83b11b4b5e04e6324b2f0020c814f9c4fe
Branches Tags
packages:main
..
compare: packages:a0b1a450d2cd1bb3d8ca5f1d9a468715d648fb87
Branches Tags
packages:main

No commits in common. "f89a1d83b11b4b5e04e6324b2f0020c814f9c4fe" and "a0b1a450d2cd1bb3d8ca5f1d9a468715d648fb87" have entirely different histories.
f89a1d83b1 ... a0b1a450d2

6 changed files with 7 additions and 142 deletions
Show Stats Expand all files Collapse all files

46
backport-Fix-NULL-pointer-deref-on-memory-allocation-failure.patch
View File

@ -1,46 +0,0 @@
From 91bb8c995f977d289077e6a6dceff74f4aed60b6 Mon Sep 17 00:00:00 2001
From: Arthur de Jong <arthur@arthurdejong.org>
Date: Tue, 27 Aug 2024 21:20:29 +0200
Subject: [PATCH] Fix NULL pointer deref on memory allocation failure
This fixes a NULL pointer dereference when a call to malloc() failed.
Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/70
---
nslcd/passwd.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/nslcd/passwd.c b/nslcd/passwd.c
index a4e2678..59b21d0 100644
--- a/nslcd/passwd.c
+++ b/nslcd/passwd.c
@@ -5,7 +5,7 @@
Copyright (C) 1997-2005 Luke Howard
Copyright (C) 2006 West Consulting
- Copyright (C) 2006-2017 Arthur de Jong
+ Copyright (C) 2006-2024 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -293,8 +293,16 @@ char *dn2uid(MYLDAP_SESSION *session, const char *dn, char *buf, size_t buflen)
/* see if we have a cached entry */
pthread_mutex_lock(&dn2uid_cache_mutex);
if (dn2uid_cache == NULL)
+ {
dn2uid_cache = dict_new();
- if ((dn2uid_cache != NULL) && ((cacheentry = dict_get(dn2uid_cache, dn)) != NULL))
+ if (dn2uid_cache == NULL)
+ {
+ log_log(LOG_ERR, "dict_new() failed to allocate memory");
+ pthread_mutex_unlock(&dn2uid_cache_mutex);
+ return NULL;
+ }
+ }
+ if ((cacheentry = dict_get(dn2uid_cache, dn)) != NULL)
{
if ((cacheentry->uid != NULL) && (strlen(cacheentry->uid) < buflen))
{
--
2.33.0

29
backport-Fix-memory-leak-in-config-parsing.patch
View File

@ -1,29 +0,0 @@
From 9a353ac7f84a2b6485dd1bb1b272cb8405bd4e9e Mon Sep 17 00:00:00 2001
From: Arthur de Jong <arthur@arthurdejong.org>
Date: Tue, 27 Aug 2024 21:39:21 +0200
Subject: [PATCH] Fix memory leak in config parsing
This fixes a one-time memory leak in reading the base configuration
option.
---
nslcd/cfg.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/nslcd/cfg.c b/nslcd/cfg.c
index 86917d5..6e56161 100644
--- a/nslcd/cfg.c
+++ b/nslcd/cfg.c
@@ -685,7 +685,10 @@ static void handle_base(const char *filename, int lnr,
#endif /* not HAVE_LDAP_DOMAIN2DN */
}
if (strcasecmp(value, "\"\"") == 0)
+ {
+ free(value);
value = "";
+ }
/* find the spot in the list of bases */
for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++)
if (bases[i] == NULL)
--
2.33.0

27
backport-Fix-off-by-one-error-in-closing-file-descriptors.patch
View File

@ -1,27 +0,0 @@
From 1c9b021e78dc67b9cdca5f9ad10cbde08418ee28 Mon Sep 17 00:00:00 2001
From: Arthur de Jong <arthur@arthurdejong.org>
Date: Mon, 10 Oct 2022 23:15:06 +0200
Subject: [PATCH] Fix off-by one error in closing file descriptors
This could leave file descriptor 3 open from the parent process starting
nslcd.
---
nslcd/daemonize.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nslcd/daemonize.c b/nslcd/daemonize.c
index d11d358..be3b386 100644
--- a/nslcd/daemonize.c
+++ b/nslcd/daemonize.c
@@ -50,7 +50,7 @@ void daemonize_closefds(void)
hope we closed enough */
if (i < 0)
i = 32;
- for (; i > 3; i--)
+ for (; i > 2; i--)
close(i);
}
--
2.27.0

2
nslcd.service
View File

@ -5,7 +5,7 @@ Documentation=man:nslcd(8) man:nslcd.conf(5)
[Service] [Service]
Type=forking Type=forking
PIDFile=/run/nslcd/nslcd.pid PIDFile=/var/run/nslcd/nslcd.pid
ExecStart=/usr/sbin/nslcd ExecStart=/usr/sbin/nslcd
RestartSec=10s RestartSec=10s
Restart=on-failure Restart=on-failure

4
nslcd.tmpfiles
View File

@ -1,2 +1,2 @@
# nslcd needs a directory in /run to store its pid file and socket # nslcd needs a directory in /var/run to store its pid file and socket
d /run/nslcd 0775 nslcd root d /var/run/nslcd 0775 nslcd root

41
nss-pam-ldapd.spec
View File

@ -2,7 +2,7 @@
Name: nss-pam-ldapd Name: nss-pam-ldapd
Version: 0.9.12 Version: 0.9.12
Release: 6 Release: 1
Summary: NSS and PAM libraries for name lookups and authentication using LDAP Summary: NSS and PAM libraries for name lookups and authentication using LDAP
License: LGPLv2+ License: LGPLv2+
URL: http://arthurdejong.org/nss-pam-ldapd/ URL: http://arthurdejong.org/nss-pam-ldapd/
@ -13,9 +13,6 @@ Source4: nslcd.service
Patch0: 0001-Disable-pylint-tests.patch Patch0: 0001-Disable-pylint-tests.patch
Patch1: 0002-Watch-for-uint32_t-overflows.patch Patch1: 0002-Watch-for-uint32_t-overflows.patch
Patch2: backport-Fix-off-by-one-error-in-closing-file-descriptors.patch
Patch3: backport-Fix-memory-leak-in-config-parsing.patch
Patch4: backport-Fix-NULL-pointer-deref-on-memory-allocation-failure.patch
BuildRequires: gcc, openldap-devel, krb5-devel, autoconf, automake, pam-devel, systemd-units BuildRequires: gcc, openldap-devel, krb5-devel, autoconf, automake, pam-devel, systemd-units
%{?systemd_requires} %{?systemd_requires}
@ -67,7 +64,7 @@ ln -s libnss_ldap.so.2 $RPM_BUILD_ROOT/%{_lib}/libnss_ldap.so
sed -i -e 's,^uid.*,uid nslcd,g' -e 's,^gid.*,gid ldap,g' \ sed -i -e 's,^uid.*,uid nslcd,g' -e 's,^gid.*,gid ldap,g' \
$RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf $RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf
touch -r nslcd.conf $RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf touch -r nslcd.conf $RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf
mkdir -p -m 0755 $RPM_BUILD_ROOT/run/nslcd mkdir -p -m 0755 $RPM_BUILD_ROOT/var/run/nslcd
mkdir -p -m 0755 $RPM_BUILD_ROOT/%{_tmpfilesdir} mkdir -p -m 0755 $RPM_BUILD_ROOT/%{_tmpfilesdir}
install -p -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/%{_tmpfilesdir}/%{name}.conf install -p -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/%{_tmpfilesdir}/%{name}.conf
@ -96,43 +93,13 @@ getent passwd nslcd > /dev/null || \
/%{_lib}/security/pam_ldap.so /%{_lib}/security/pam_ldap.so
%attr(0600,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/nslcd.conf %attr(0600,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/nslcd.conf
%attr(0644,root,root) %config(noreplace) %{_tmpfilesdir}/%{name}.conf %attr(0644,root,root) %config(noreplace) %{_tmpfilesdir}/%{name}.conf
%config(noreplace) %{_unitdir}/nslcd.service %{_unitdir}/nslcd.service
%attr(0775,nslcd,root) /run/nslcd %attr(0775,nslcd,root) /var/run/nslcd
%files help %files help
%{_mandir}/*/* %{_mandir}/*/*
%changelog %changelog
* Wed Mar 5 2025 yixiangzhike <yixiangzhike007@163.com> - 0.9.12-6
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:Move temporary files from /var/run to /run to delete warning in installing
* Thu Oct 24 2024 yixiangzhike <yixiangzhike007@163.com> - 0.9.12-5
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:Fix NULL pointer deref on memory allocation failure
* Wed Oct 09 2024 yixiangzhike <yixiangzhike007@163.com> - 0.9.12-4
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:fix memory leak in config parsing
* Wed May 08 2024 lifeifei <lifeifei@kylinos.cn> - 0.9.12-3
- Type:requirement
- CVE:NA
- SUG:NA
- DESC:add noreplace to /usr/lib/systemd/system/nslcd.service
* Wed Oct 19 2022 yixiangzhike <yixiangzhike007@163.com> - 0.9.12-2
- Type:bugfix
- ID:NA
- SUG:restart
- DESC:fix off-by one error in closing file descriptors
* Mon Feb 21 2022 yixiangzhike <yixiangzhike007@163.com> - 0.9.12-1 * Mon Feb 21 2022 yixiangzhike <yixiangzhike007@163.com> - 0.9.12-1
- Type:bugfix - Type:bugfix
- ID:NA - ID:NA