Diffstat (limited to 'recipes-support/curl/curl/CVE-2018-1000121-openldap-check-ldap_get_attribute_ber-results-for-NU.patch')
-rw-r--r-- | recipes-support/curl/curl/CVE-2018-1000121-openldap-check-ldap_get_attribute_ber-results-for-NU.patch | 47 |
1 files changed, 47 insertions, 0 deletions
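--- /dev/null
+++ b/recipes-support/curl/curl/CVE-2018-1000121-openldap-check-ldap_get_attribute_ber-results-for-NU.patch
@@ -0,0 +1,47 @@
+From 9889db043393092e9d4b5a42720bba0b3d58deba Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 6 Mar 2018 23:02:16 +0100
+Subject: [PATCH] openldap: check ldap_get_attribute_ber() results for NULL
+before using
+
+CVE-2018-1000121
+Reported-by: Dario Weisser
+Bug: https://curl.haxx.se/docs/adv_2018-97a2.html
+
+CVE: CVE-2018-1000121
+Upstream-Status: Backport [https://curl.haxx.se/CVE-2018-1000121.patch]
+
+Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
+---
+lib/openldap.c | 8 ++++----
+1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/lib/openldap.c b/lib/openldap.c
+index f2ffdfe..6927275 100644
+--- a/lib/openldap.c
++++ b/lib/openldap.c
+@@ -473,7 +473,7 @@ static ssize_t ldap_recv(struct connectdata *conn, int sockindex, char *buf,
+
+for(ent = ldap_first_message(li->ld, msg); ent;
+ent = ldap_next_message(li->ld, ent)) {
+- struct berval bv, *bvals, **bvp = &bvals;
++ struct berval bv, *bvals;
+int binary = 0, msgtype;
+CURLcode writeerr;
+
+@@ -535,9 +535,9 @@ static ssize_t ldap_recv(struct connectdata *conn, int sockindex, char *buf,
+}
+data->req.bytecount += bv.bv_len + 5;
+
+- for(rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, bvp);
+- rc == LDAP_SUCCESS;
+- rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, bvp)) {
++ for(rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, &bvals);
++ (rc == LDAP_SUCCESS) && bvals;
++ rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, &bvals)) {
+int i;
+
+if(bv.bv_val == NULL) break;
+--
+2.7.4
+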
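Review bot: The new loop condition at patch lines 39–41, `(rc == LDAP_SUCCESS) && bvals`, ends the attribute loop the same way for a normal end of entry and for a reply where ldap_get_attribute_ber() reports success but hands back no values, so in the second case any remaining attributes of that entry appear to be skipped without an error reaching the caller. That is the safe outcome for CVE-2018-1000121 (a NULL `bvals` is never dereferenced), but the reason lives only in the commit message; a comment above the loop such as `/* bvals can be NULL even when rc is LDAP_SUCCESS; stop instead of dereferencing it */` would keep the check from being simplified away later. Because this file is a verbatim backport, that comment belongs upstream rather than in this copy. ldap_recv() starts and ends outside both hunks, so what runs after the loop is not visible here.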