3 files changed, 108 insertions, 0 deletions
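--- /dev/null
+++ b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch
@@ -0,0 +1,30 @@
+From ea8dd2d279c5aeaf9d4672a4e95bebd99babcce1 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Wed, 24 Aug 2022 14:40:51 +0100
+Subject: [PATCH] ITS#9904 ldif_open_url: check for ber_strdup failure
+
+Code present since 1999, df8f7cbb9b79be3be9205d116d1dd0b263d6861a
+
+Upstream-Status: Backport [https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce]
+CVE: CVE-2023-2953
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+---
+libraries/libldap/fetch.c | 2 ++
+1 file changed, 2 insertions(+)
+
+diff --git a/libraries/libldap/fetch.c b/libraries/libldap/fetch.c
+index 9e426dc647..536871bcfe 100644
+--- a/libraries/libldap/fetch.c
++++ b/libraries/libldap/fetch.c
+@@ -69,6 +69,8 @@ ldif_open_url(
+}
+
+p = ber_strdup( urlstr );
++ if ( p == NULL )
++ return NULL;
+
+/* But we should convert to LDAP_DIRSEP before use */
+if ( LDAP_DIRSEP[0] != '/' ) {
+--
+GitLab
+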
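--- /dev/null
+++ b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch
@@ -0,0 +1,76 @@
+From 3f2abd0b2eeec8522e50d5c4ea4992e70e8f9915 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Thu, 25 Aug 2022 16:13:21 +0100
+Subject: [PATCH] ITS#9904 ldap_url_parsehosts: check for strdup failure
+
+Avoid unnecessary strdup in IPv6 addr parsing, check for strdup
+failure when dup'ing scheme.
+
+Code present since 2000, 8da110a9e726dbc612b302feafe0109271e6bc59
+
+Upstream-Status: Backport [https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b]
+CVE: CVE-2023-2953
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+---
+libraries/libldap/url.c | 21 ++++++++++++---------
+1 file changed, 12 insertions(+), 9 deletions(-)
+
+diff --git a/libraries/libldap/url.c b/libraries/libldap/url.c
+index 7e56564265..8df0abd044 100644
+--- a/libraries/libldap/url.c
++++ b/libraries/libldap/url.c
+@@ -1386,24 +1386,22 @@ ldap_url_parsehosts(
+}
+ludp->lud_port = port;
+ludp->lud_host = specs[i];
+- specs[i] = NULL;
+p = strchr(ludp->lud_host, ':');
+if (p != NULL) {
+/* more than one :, IPv6 address */
+if ( strchr(p+1, ':') != NULL ) {
+/* allow [address] and [address]:port */
+if ( *ludp->lud_host == '[' ) {
+- p = LDAP_STRDUP(ludp->lud_host+1);
+- /* copied, make sure we free source later */
+- specs[i] = ludp->lud_host;
+- ludp->lud_host = p;
+- p = strchr( ludp->lud_host, ']' );
++ p = strchr( ludp->lud_host+1, ']' );
+if ( p == NULL ) {
+LDAP_FREE(ludp);
+ldap_charray_free(specs);
+return LDAP_PARAM_ERROR;
+}
+- *p++ = '\0';
++ /* Truncate trailing ']' and shift hostname down 1 char */
++ *p = '\0';
++ AC_MEMCPY( ludp->lud_host, ludp->lud_host+1, p - ludp->lud_host );
++ p++;
+if ( *p != ':' ) {
+if ( *p != '\0' ) {
+LDAP_FREE(ludp);
+@@ -1429,14 +1427,19 @@ ldap_url_parsehosts(
+}
+}
+}
+- ldap_pvt_hex_unescape(ludp->lud_host);
+ludp->lud_scheme = LDAP_STRDUP("ldap");
++ if ( ludp->lud_scheme == NULL ) {
++ LDAP_FREE(ludp);
++ ldap_charray_free(specs);
++ return LDAP_NO_MEMORY;
++ }
++ specs[i] = NULL;
++ ldap_pvt_hex_unescape(ludp->lud_host);
+ludp->lud_next = *ludlist;
+*ludlist = ludp;
+}
+
+/* this should be an array of NULLs now */
+- /* except entries starting with [ */
+ldap_charray_free(specs);
+return LDAP_SUCCESS;
+}
+--
+GitLab
+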
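Review bot: The in-place shift `AC_MEMCPY( ludp->lud_host, ludp->lud_host+1, p - ludp->lud_host );` in the first hunk copies between overlapping regions, so it is only well-defined if AC_MEMCPY has memmove semantics; OpenLDAP's portability header maps it to memmove (or bcopy) as far as I recall, but because this is a backport into the 2.5.12 recipe it is worth confirming that mapping in that tree rather than assuming it, since a plain memcpy here would be undefined behaviour. With `specs[i] = NULL;` moved below the new scheme check, every error return in both hunks leaves `ludp->lud_host` owned by `specs[]`, so `ldap_charray_free(specs)` releases it and the old leak of the strdup'd copy on the `p == NULL` path is gone; a one-line comment at the new `specs[i] = NULL;`, e.g. `/* ownership of specs[i] moves to ludp only once ludp is fully built */`, would make that invariant explicit for the next backport. ldap_url_parsehosts begins outside the shown hunks and the first hunk ends mid-body.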
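--- a/meta-oe/recipes-support/openldap/openldap_2.5.12.bb
+++ b/meta-oe/recipes-support/openldap/openldap_2.5.12.bb
@@ -23,6 +23,8 @@ SRC_URI = "http://www.openldap.org/software/download/OpenLDAP/openldap-release/$
 file://0001-build-top.mk-unset-STRIP_OPTS.patch \
 file://0001-libraries-Makefile.in-ignore-the-mkdir-errors.patch \
 file://0001-librewrite-include-ldap_pvt_thread.h-before-redefini.patch \
+file://CVE-2023-2953-1.patch \
+file://CVE-2023-2953-2.patch \
 "
 
 SRC_URI[sha256sum] = "d5086cbfc49597fa7d0670a429a9054552d441b16ee8b2435412797ab0e37b96"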
