1 files changed, 47 insertions, 0 deletions
diff --git a/recipes-support/curl/curl/CVE-2018-1000121-openldap-check-ldap_get_attribute_ber-results-for-NU.patch b/recipes-support/curl/curl/CVE-2018-1000121-openldap-check-ldap_get_attribute_ber-results-for-NU.patch
new file mode 100644
index 0000000..488d457
--- /dev/null
+++ b/recipes-support/curl/curl/CVE-2018-1000121-openldap-check-ldap_get_attribute_ber-results-for-NU.patch
@@ -0,0 +1,47 @@
+From 9889db043393092e9d4b5a42720bba0b3d58deba Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 6 Mar 2018 23:02:16 +0100
+Subject: [PATCH] openldap: check ldap_get_attribute_ber() results for NULL
+ before using
+CVE-2018-1000121
+Reported-by: Dario Weisser
+Bug: https://curl.haxx.se/docs/adv_2018-97a2.html
+CVE: CVE-2018-1000121
+Upstream-Status: Backport [https://curl.haxx.se/CVE-2018-1000121.patch]
+Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
+---
+ lib/openldap.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+diff --git a/lib/openldap.c b/lib/openldap.c
+index f2ffdfe..6927275 100644
+--- a/lib/openldap.c
+++ b/lib/openldap.c
+@@ -473,7 +473,7 @@ static ssize_t ldap_recv(struct connectdata *conn, int sockindex, char *buf,
+ 
+   for(ent = ldap_first_message(li->ld, msg); ent;
+     ent = ldap_next_message(li->ld, ent)) {
+-    struct berval bv, *bvals, **bvp = &bvals;
+    struct berval bv, *bvals;
+     int binary = 0, msgtype;
+     CURLcode writeerr;
+ 
+@@ -535,9 +535,9 @@ static ssize_t ldap_recv(struct connectdata *conn, int sockindex, char *buf,
+     }
+     data->req.bytecount += bv.bv_len + 5;
+ 
+-    for(rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, bvp);
+-      rc == LDAP_SUCCESS;
+-      rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, bvp)) {
+    for(rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, &bvals);
+        (rc == LDAP_SUCCESS) && bvals;
+        rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, &bvals)) {
+       int i;
+ 
+       if(bv.bv_val == NULL) break;
+-- 
+2.7.4

diff --git a/recipes-support/curl/curl/CVE-2018-1000121-openldap-check-ldap_get_attribute_ber-results-for-NU.patch b/recipes-support/curl/curl/CVE-2018-1000121-openldap-check-ldap_get_attribute_ber-results-for-NU.patch new file mode 100644 index 0000000..488d457 --- /dev/null +++ b/recipes-support/curl/curl/CVE-2018-1000121-openldap-check-ldap_get_attribute_ber-results-for-NU.patch
@@ -0,0 +1,47 @@
	1	From 9889db043393092e9d4b5a42720bba0b3d58deba Mon Sep 17 00:00:00 2001
	2	From: Daniel Stenberg <daniel@haxx.se>
	3	Date: Tue, 6 Mar 2018 23:02:16 +0100
	4	Subject: [PATCH] openldap: check ldap_get_attribute_ber() results for NULL
	5	before using
	6
	7	CVE-2018-1000121
	8	Reported-by: Dario Weisser
	9	Bug: https://curl.haxx.se/docs/adv_2018-97a2.html
	10
	11	CVE: CVE-2018-1000121
	12	Upstream-Status: Backport [https://curl.haxx.se/CVE-2018-1000121.patch]
	13
	14	Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
	15	---
	16	lib/openldap.c \| 8 ++++----
	17	1 file changed, 4 insertions(+), 4 deletions(-)
	18
	19	diff --git a/lib/openldap.c b/lib/openldap.c
	20	index f2ffdfe..6927275 100644
	21	--- a/lib/openldap.c
	22	+++ b/lib/openldap.c
	23	@@ -473,7 +473,7 @@ static ssize_t ldap_recv(struct connectdata conn, int sockindex, char buf,
	24
	25	for(ent = ldap_first_message(li->ld, msg); ent;
	26	ent = ldap_next_message(li->ld, ent)) {
	27	- struct berval bv, bvals, *bvp = &bvals;
	28	+ struct berval bv, *bvals;
	29	int binary = 0, msgtype;
	30	CURLcode writeerr;
	31
	32	@@ -535,9 +535,9 @@ static ssize_t ldap_recv(struct connectdata conn, int sockindex, char buf,
	33	}
	34	data->req.bytecount += bv.bv_len + 5;
	35
	36	- for(rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, bvp);
	37	- rc == LDAP_SUCCESS;
	38	- rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, bvp)) {
	39	+ for(rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, &bvals);
	40	+ (rc == LDAP_SUCCESS) && bvals;
	41	+ rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, &bvals)) {
	42	int i;
	43
	44	if(bv.bv_val == NULL) break;
	45	--
	46	2.7.4
	47