summary refs log tree commit diff
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2017-05-30 18:04:11 -0400
committerLeo Famulari <leo@famulari.name>2017-05-30 18:15:23 -0400
commitb0415c0361606d8d43cdc0841ad9cf74e1079861 (patch)
tree6ad853f10290ae88cf7ff851220acb40bd469ce2
parent8e33bc18165fa40cb122f3c2488c8e99958fb319 (diff)
downloadguix-b0415c0361606d8d43cdc0841ad9cf74e1079861.tar.gz
gnu: openldap: Fix CVE-2017-9287.
* gnu/packages/patches/openldap-CVE-2017-9287.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/openldap.scm (openldap)[replacement]: New field.
(openldap/fixed): New variable.
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/openldap.scm10
-rw-r--r--gnu/packages/patches/openldap-CVE-2017-9287.patch37
3 files changed, 48 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 84f6211f30..4ad478d5dd 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -863,6 +863,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/openexr-missing-samples.patch		\
   %D%/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch		\
   %D%/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch		\
+  %D%/packages/patches/openldap-CVE-2017-9287.patch		\
   %D%/packages/patches/openocd-nrf52.patch			\
   %D%/packages/patches/openssl-runpath.patch			\
   %D%/packages/patches/openssl-1.1.0-c-rehash-in.patch		\
diff --git a/gnu/packages/openldap.scm b/gnu/packages/openldap.scm
index 987719492f..24bf603c44 100644
--- a/gnu/packages/openldap.scm
+++ b/gnu/packages/openldap.scm
@@ -31,6 +31,7 @@
   #:use-module (gnu packages linux)
   #:use-module (gnu packages python)
   #:use-module (gnu packages tls)
+  #:use-module (gnu packages)
   #:use-module ((guix licenses) #:select (openldap2.8 lgpl2.1+))
   #:use-module (guix packages)
   #:use-module (guix download)
@@ -39,6 +40,7 @@
 (define-public openldap
   (package
    (name "openldap")
+   (replacement openldap/fixed)
    (version "2.4.44")
    (source (origin
             (method url-fetch)
@@ -79,6 +81,14 @@
    (license openldap2.8)
    (home-page "http://www.openldap.org/")))
 
+(define openldap/fixed
+  (package
+    (inherit openldap)
+    (source
+      (origin
+        (inherit (package-source openldap))
+        (patches (search-patches "openldap-CVE-2017-9287.patch"))))))
+
 (define-public nss-pam-ldapd
   (package
     (name "nss-pam-ldapd")
diff --git a/gnu/packages/patches/openldap-CVE-2017-9287.patch b/gnu/packages/patches/openldap-CVE-2017-9287.patch
new file mode 100644
index 0000000000..5ca2a60c60
--- /dev/null
+++ b/gnu/packages/patches/openldap-CVE-2017-9287.patch
@@ -0,0 +1,37 @@
+Fix CVE-2017-9287:
+
+https://www.openldap.org/its/?findid=8655
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9287
+
+Patch copied from upstream source repository:
+
+https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e
+
+From 0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e Mon Sep 17 00:00:00 2001
+From: Ryan Tandy <ryan@nardis.ca>
+Date: Wed, 17 May 2017 20:07:39 -0700
+Subject: [PATCH] ITS#8655 fix double free on paged search with pagesize 0
+
+Fixes a double free when a search includes the Paged Results control
+with a page size of 0 and the search base matches the filter.
+---
+ servers/slapd/back-mdb/search.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/servers/slapd/back-mdb/search.c b/servers/slapd/back-mdb/search.c
+index 301d1a498c..43442aa242 100644
+--- a/servers/slapd/back-mdb/search.c
++++ b/servers/slapd/back-mdb/search.c
+@@ -1066,7 +1066,8 @@ notfound:
+ 			/* check size limit */
+ 			if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) {
+ 				if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size ) {
+-					mdb_entry_return( op, e );
++					if (e != base)
++						mdb_entry_return( op, e );
+ 					e = NULL;
+ 					send_paged_response( op, rs, &lastid, tentries );
+ 					goto done;
+-- 
+2.13.0
+