openldap/CVE-2019-13565.patch

From 744a46a1acb93798f4e027290191d6a11dd4c18c Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Wed, 10 Jul 2019 21:29:39 +0100
Subject: [PATCH] ITS#9052 zero out sasl_ssf in connection_init

---
 servers/slapd/connection.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c
index b85bcb4..704067c 100644
--- a/servers/slapd/connection.c
+++ b/servers/slapd/connection.c
@@ -554,7 +554,7 @@ Connection * connection_init(
 	c->c_close_reason = "?";			/* should never be needed */
 
 	c->c_ssf = c->c_transport_ssf = ssf;
-	c->c_tls_ssf = 0;
+	c->c_tls_ssf = c->c_sasl_ssf = 0;
 
 #ifdef HAVE_TLS
 	if ( flags & CONN_IS_TLS ) {
-- 
1.7.10.4
init 2019-12-29 17:30:53 +08:00			`From 744a46a1acb93798f4e027290191d6a11dd4c18c Mon Sep 17 00:00:00 2001`
			`From: Howard Chu <hyc@openldap.org>`
			`Date: Wed, 10 Jul 2019 21:29:39 +0100`
			`Subject: [PATCH] ITS#9052 zero out sasl_ssf in connection_init`

			`---`
			`servers/slapd/connection.c \| 2 +-`
			`1 file changed, 1 insertion(+), 1 deletion(-)`

			`diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c`
			`index b85bcb4..704067c 100644`
			`--- a/servers/slapd/connection.c`
			`+++ b/servers/slapd/connection.c`
			`@@ -554,7 +554,7 @@ Connection * connection_init(`
init 2019-12-30 10:57:02 +08:00			`c->c_close_reason = "?"; /* should never be needed */`
init 2019-12-29 17:30:53 +08:00
init 2019-12-30 10:57:02 +08:00			`c->c_ssf = c->c_transport_ssf = ssf;`
			`- c->c_tls_ssf = 0;`
			`+ c->c_tls_ssf = c->c_sasl_ssf = 0;`
init 2019-12-29 17:30:53 +08:00
			`#ifdef HAVE_TLS`
init 2019-12-30 10:57:02 +08:00			`if ( flags & CONN_IS_TLS ) {`
init 2019-12-29 17:30:53 +08:00			`--`
			`1.7.10.4`
init 2019-12-30 10:57:02 +08:00