packages/openldap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!56 fix CVE-2020-25709 CVE-2020-25710

Browse Source 
From: @eaglegai
Reviewed-by: @zengwefeng
Signed-off-by: @zengwefeng
This commit is contained in:
openeuler-ci-bot 2021-07-09 03:20:07 +00:00 committed by Gitee
commit 853474c1ba
3 changed files with 59 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
CVE-2020-25709.patch Normal file
View File

@ -0,0 +1,25 @@
From 67670f4544e28fb09eb7319c39f404e1d3229e65 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Mon, 2 Nov 2020 13:12:10 +0000
Subject: [PATCH] ITS#9383 remove assert in certificateListValidate
---
servers/slapd/schema_init.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
index ea0d67aa62..28f9e71a16 100644
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -371,8 +371,7 @@ certificateListValidate( Syntax *syntax, struct berval *in )
/* Optional version */
if ( tag == LBER_INTEGER ) {
tag = ber_get_int( ber, &version );
- assert( tag == LBER_INTEGER );
- if ( version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX;
+ if ( tag != LBER_INTEGER || version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX;
}
tag = ber_skip_tag( ber, &len ); /* Signature Algorithm */
if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
--
GitLab

26
CVE-2020-25710.patch Normal file
View File

@ -0,0 +1,26 @@
From bdb0d459187522a6063df13871b82ba8dcc6efe2 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Mon, 2 Nov 2020 16:01:14 +0000
Subject: [PATCH] ITS#9384 remove assert in obsolete csnNormalize23()
---
servers/slapd/schema_init.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
index 5812bc4b66..ea0d67aa62 100644
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -5327,8 +5327,8 @@ csnNormalize23(
}
*ptr = '\0';
- assert( ptr == &bv.bv_val[bv.bv_len] );
- if ( csnValidate( syntax, &bv ) != LDAP_SUCCESS ) {
+ if ( ptr != &bv.bv_val[bv.bv_len] ||
+ csnValidate( syntax, &bv ) != LDAP_SUCCESS ) {
return LDAP_INVALID_SYNTAX;
}
--
GitLab

10
openldap.spec
View File

@ -2,7 +2,7 @@
Name: openldap
Version: 2.4.50
Release: 7
Release: 8
Summary: LDAP support libraries
License: OpenLDAP
URL: https://www.openldap.org/
@ -62,7 +62,8 @@ Patch41: backport-Fix-test-suite.patch
Patch42: backport-ITS-9010-regenerate-configure.patch
Patch43: backport-ITS-9010-More-BDB-HDB-cleanup.patch
Patch44: CVE-2021-27212.patch
Patch45: CVE-2020-25709.patch
Patch46: CVE-2020-25710.patch
BuildRequires: cyrus-sasl-devel openssl-devel krb5-devel unixODBC-devel
BuildRequires: glibc-devel libtool libtool-ltdl-devel groff perl-interpreter perl-devel perl-generators perl-ExtUtils-Embed
@ -172,6 +173,8 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi
%patch42 -p1
%patch43 -p1
%patch44 -p1
%patch45 -p1
%patch46 -p1
ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd
@ -451,6 +454,9 @@ popd
%doc ltb-project-openldap-ppolicy-check-password-1.1/README.check_pwd
%changelog
* Fri Jul 09 2021 gaihuiying <gaihuiying1@huawei.com> - 2.4.50-8
- fix CVE-2020-25709 CVE-2020-25710
* Sat Feb 27 2021 orange-snn <songnannan2@huawei.com> - 2.4.50-7
- fix CVE-2021-27212