From b0415c0361606d8d43cdc0841ad9cf74e1079861 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Tue, 30 May 2017 18:04:11 -0400 Subject: gnu: openldap: Fix CVE-2017-9287. * gnu/packages/patches/openldap-CVE-2017-9287.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/openldap.scm (openldap)[replacement]: New field. (openldap/fixed): New variable. --- gnu/packages/openldap.scm | 10 ++++++ gnu/packages/patches/openldap-CVE-2017-9287.patch | 37 +++++++++++++++++++++++ 2 files changed, 47 insertions(+) create mode 100644 gnu/packages/patches/openldap-CVE-2017-9287.patch (limited to 'gnu/packages') diff --git a/gnu/packages/openldap.scm b/gnu/packages/openldap.scm index 987719492f..24bf603c44 100644 --- a/gnu/packages/openldap.scm +++ b/gnu/packages/openldap.scm @@ -31,6 +31,7 @@ #:use-module (gnu packages linux) #:use-module (gnu packages python) #:use-module (gnu packages tls) + #:use-module (gnu packages) #:use-module ((guix licenses) #:select (openldap2.8 lgpl2.1+)) #:use-module (guix packages) #:use-module (guix download) @@ -39,6 +40,7 @@ (define-public openldap (package (name "openldap") + (replacement openldap/fixed) (version "2.4.44") (source (origin (method url-fetch) @@ -79,6 +81,14 @@ (license openldap2.8) (home-page "http://www.openldap.org/"))) +(define openldap/fixed + (package + (inherit openldap) + (source + (origin + (inherit (package-source openldap)) + (patches (search-patches "openldap-CVE-2017-9287.patch")))))) + (define-public nss-pam-ldapd (package (name "nss-pam-ldapd") diff --git a/gnu/packages/patches/openldap-CVE-2017-9287.patch b/gnu/packages/patches/openldap-CVE-2017-9287.patch new file mode 100644 index 0000000000..5ca2a60c60 --- /dev/null +++ b/gnu/packages/patches/openldap-CVE-2017-9287.patch @@ -0,0 +1,37 @@ +Fix CVE-2017-9287: + +https://www.openldap.org/its/?findid=8655 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9287 + +Patch copied from upstream source repository: + +https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e + +From 0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e Mon Sep 17 00:00:00 2001 +From: Ryan Tandy +Date: Wed, 17 May 2017 20:07:39 -0700 +Subject: [PATCH] ITS#8655 fix double free on paged search with pagesize 0 + +Fixes a double free when a search includes the Paged Results control +with a page size of 0 and the search base matches the filter. +--- + servers/slapd/back-mdb/search.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/servers/slapd/back-mdb/search.c b/servers/slapd/back-mdb/search.c +index 301d1a498c..43442aa242 100644 +--- a/servers/slapd/back-mdb/search.c ++++ b/servers/slapd/back-mdb/search.c +@@ -1066,7 +1066,8 @@ notfound: + /* check size limit */ + if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) { + if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size ) { +- mdb_entry_return( op, e ); ++ if (e != base) ++ mdb_entry_return( op, e ); + e = NULL; + send_paged_response( op, rs, &lastid, tentries ); + goto done; +-- +2.13.0 + -- cgit 1.4.1