fix CVE-2020-12243
This commit is contained in:
oli_give_xiao_zi_li
parent
c4d7fcc1f0
commit
83adfe7e2c
125
CVE-2020-12243.patch
Normal file
125
CVE-2020-12243.patch
Normal file
@ -0,0 +1,125 @@
|
||||
From 98464c11df8247d6a11b52e294ba5dd4f0380440 Mon Sep 17 00:00:00 2001
|
||||
From: Howard Chu <hyc@openldap.org>
|
||||
Date: Thu, 16 Apr 2020 01:08:19 +0100
|
||||
Subject: [PATCH] ITS#9202 limit depth of nested filters
|
||||
|
||||
Using a hardcoded limit for now; no reasonable apps
|
||||
should ever run into it.
|
||||
---
|
||||
servers/slapd/filter.c | 41 ++++++++++++++++++++++++++++++++---------
|
||||
1 file changed, 32 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/servers/slapd/filter.c b/servers/slapd/filter.c
|
||||
index 3252cf2..ed57bbd 100644
|
||||
--- a/servers/slapd/filter.c
|
||||
+++ b/servers/slapd/filter.c
|
||||
@@ -37,11 +37,16 @@
|
||||
const Filter *slap_filter_objectClass_pres;
|
||||
const struct berval *slap_filterstr_objectClass_pres;
|
||||
|
||||
+#ifndef SLAPD_MAX_FILTER_DEPTH
|
||||
+#define SLAPD_MAX_FILTER_DEPTH 5000
|
||||
+#endif
|
||||
+
|
||||
static int get_filter_list(
|
||||
Operation *op,
|
||||
BerElement *ber,
|
||||
Filter **f,
|
||||
- const char **text );
|
||||
+ const char **text,
|
||||
+ int depth );
|
||||
|
||||
static int get_ssa(
|
||||
Operation *op,
|
||||
@@ -80,12 +85,13 @@ filter_destroy( void )
|
||||
return;
|
||||
}
|
||||
|
||||
-int
|
||||
-get_filter(
|
||||
+static int
|
||||
+get_filter0(
|
||||
Operation *op,
|
||||
BerElement *ber,
|
||||
Filter **filt,
|
||||
- const char **text )
|
||||
+ const char **text,
|
||||
+ int depth )
|
||||
{
|
||||
ber_tag_t tag;
|
||||
ber_len_t len;
|
||||
@@ -126,6 +132,11 @@ get_filter(
|
||||
*
|
||||
*/
|
||||
|
||||
+ if( depth > SLAPD_MAX_FILTER_DEPTH ) {
|
||||
+ *text = "filter nested too deeply";
|
||||
+ return SLAPD_DISCONNECT;
|
||||
+ }
|
||||
+
|
||||
tag = ber_peek_tag( ber, &len );
|
||||
|
||||
if( tag == LBER_ERROR ) {
|
||||
@@ -221,7 +232,7 @@ get_filter(
|
||||
|
||||
case LDAP_FILTER_AND:
|
||||
Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
|
||||
- err = get_filter_list( op, ber, &f.f_and, text );
|
||||
+ err = get_filter_list( op, ber, &f.f_and, text, depth+1 );
|
||||
if ( err != LDAP_SUCCESS ) {
|
||||
break;
|
||||
}
|
||||
@@ -234,7 +245,7 @@ get_filter(
|
||||
|
||||
case LDAP_FILTER_OR:
|
||||
Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
|
||||
- err = get_filter_list( op, ber, &f.f_or, text );
|
||||
+ err = get_filter_list( op, ber, &f.f_or, text, depth+1 );
|
||||
if ( err != LDAP_SUCCESS ) {
|
||||
break;
|
||||
}
|
||||
@@ -248,7 +259,7 @@ get_filter(
|
||||
case LDAP_FILTER_NOT:
|
||||
Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
|
||||
(void) ber_skip_tag( ber, &len );
|
||||
- err = get_filter( op, ber, &f.f_not, text );
|
||||
+ err = get_filter0( op, ber, &f.f_not, text, depth+1 );
|
||||
if ( err != LDAP_SUCCESS ) {
|
||||
break;
|
||||
}
|
||||
@@ -311,10 +322,22 @@ get_filter(
|
||||
return( err );
|
||||
}
|
||||
|
||||
+int
|
||||
+get_filter(
|
||||
+ Operation *op,
|
||||
+ BerElement *ber,
|
||||
+ Filter **filt,
|
||||
+ const char **text )
|
||||
+{
|
||||
+ return get_filter0( op, ber, filt, text, 0 );
|
||||
+}
|
||||
+
|
||||
+
|
||||
static int
|
||||
get_filter_list( Operation *op, BerElement *ber,
|
||||
Filter **f,
|
||||
- const char **text )
|
||||
+ const char **text,
|
||||
+ int depth )
|
||||
{
|
||||
Filter **new;
|
||||
int err;
|
||||
@@ -328,7 +351,7 @@ get_filter_list( Operation *op, BerElement *ber,
|
||||
tag != LBER_DEFAULT;
|
||||
tag = ber_next_element( ber, &len, last ) )
|
||||
{
|
||||
- err = get_filter( op, ber, new, text );
|
||||
+ err = get_filter0( op, ber, new, text, depth );
|
||||
if ( err != LDAP_SUCCESS )
|
||||
return( err );
|
||||
new = &(*new)->f_next;
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
|
||||
Name: openldap
|
||||
Version: 2.4.46
|
||||
Release: 15
|
||||
Release: 16
|
||||
Summary: LDAP support libraries
|
||||
License: OpenLDAP
|
||||
URL: https://www.openldap.org/
|
||||
@ -69,6 +69,7 @@ Patch6036: CVE-2019-13057-3.patch
|
||||
Patch6037: CVE-2019-13057-4.patch
|
||||
Patch6038: CVE-2019-13565.patch
|
||||
Patch6039: 0001-openldap-bugfix-make-test.patch
|
||||
Patch6040: CVE-2020-12243.patch
|
||||
|
||||
BuildRequires: cyrus-sasl-devel openssl-devel krb5-devel unixODBC-devel
|
||||
BuildRequires: glibc-devel libtool libtool-ltdl-devel groff perl-interpreter perl-devel perl-generators perl-ExtUtils-Embed
|
||||
@ -183,6 +184,7 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi
|
||||
%patch6037 -p1
|
||||
%patch6038 -p1
|
||||
%patch6039 -p1
|
||||
%patch6040 -p1
|
||||
|
||||
ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
|
||||
mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd
|
||||
@ -465,6 +467,12 @@ popd
|
||||
%doc ltb-project-openldap-ppolicy-check-password-1.1/README.check_pwd
|
||||
|
||||
%changelog
|
||||
* Thu May 14 2020 lijingyu <lijingyu15@huawei.com> - 2.4.46-16
|
||||
- Type:cves
|
||||
- ID:CVE-2020-12243
|
||||
- SUG:NA
|
||||
- DESC: fix CVE-2020-12243
|
||||
|
||||
* Wed Mar 11 2020 songnannan <songnannan2@huawei.com> - 2.4.46-15
|
||||
- bugfix about conf file
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user