Hello community, here is the log from the commit of package openldap2 for openSUSE:Factory checked in at Fri Jul 2 16:00:07 CEST 2010. -------- --- openldap2/openldap2-client.changes 2010-05-14 00:31:01.000000000 +0200 +++ openldap2/openldap2-client.changes 2010-07-02 15:55:16.272152000 +0200 @@ -1,0 +2,9 @@ +Thu Jul 1 12:48:18 UTC 2010 - rhafer@novell.com + +- LDAP clients could crash the server by submitting a specially + crafted LDAP ModRDN operation. (bnc#612430, ITS#6570) +- Delete Operations happening during the "Refresh" phase of + "refreshAndPersist" replication failed to replicate under + certain circumstances (bnc#606294, ITS#6555) + +------------------------------------------------------------------- openldap2.changes: same change calling whatdependson for head-i586 New: ---- Syncprov-might-lose-deletes-ITS-6555.dif slapd-modrdn-crash-ITS-6570.dif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openldap2-client.spec ++++++ --- /var/tmp/diff_new_pack.zCBBCh/_old 2010-07-02 15:55:23.000000000 +0200 +++ /var/tmp/diff_new_pack.zCBBCh/_new 2010-07-02 15:55:23.000000000 +0200 @@ -28,7 +28,7 @@ BuildRequires: -db-devel -libopenssl-devel -pwdutils libdb-4_5-devel openssl-devel %endif Version: 2.4.21 -Release: 5 +Release: 6 Url: http://www.openldap.org License: BSD3c(or similar) ; openldap 2.8 %if "%{name}" == "openldap2" @@ -60,6 +60,8 @@ Patch6: libldap-gethostbyname_r.dif Patch7: pie-compile.dif Patch11: slapd-bconfig-del-db.dif +Patch12: Syncprov-might-lose-deletes-ITS-6555.dif +Patch13: slapd-modrdn-crash-ITS-6570.dif Patch100: openldap-2.3.37.dif Patch200: slapd_getaddrinfo_dupl.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -180,6 +182,8 @@ %patch7 %endif %patch11 +%patch12 -p1 +%patch13 -p1 %if %suse_version == 1100 %patch200 -p1 %endif openldap2.spec: same change ++++++ Syncprov-might-lose-deletes-ITS-6555.dif ++++++
From e32aa64d19840a3b76da532d200fa1cb733e0672 Mon Sep 17 00:00:00 2001 From: ralf <ralf> Date: Thu, 20 May 2010 15:08:28 +0000 Subject: Syncprov might lose deletes (ITS#6555)
During the refresh phase the sync filter needs to be adjusted (skipping the "(entrycsn>=cookie)" part that was inserted) when checking whether a change needs to be replicated, otherwise we lose DELETES that happen during the refresh phase. bnc#606294 1 files changed, 9 insertions(+), 1 deletions(-) diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c index 675568e..030edf5 100644 --- a/servers/slapd/overlays/syncprov.c +++ b/servers/slapd/overlays/syncprov.c @@ -1301,7 +1301,15 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit ) op2.o_hdr = &oh; op2.o_extra = op->o_extra; op2.o_callback = NULL; - rc = test_filter( &op2, e, ss->s_op->ors_filter ); + ldap_pvt_thread_mutex_lock( &ss->s_mutex ); + if (ss->s_flags & PS_FIX_FILTER) { + /* Skip the AND/GE clause that we stuck on in front. We + would lose deletes/mods that happen during the refresh + phase otherwise (ITS#6555) */ + op2.ors_filter = ss->s_op->ors_filter->f_and->f_next; + } + ldap_pvt_thread_mutex_unlock( &ss->s_mutex ); + rc = test_filter( &op2, e, op2.ors_filter ); } Debug( LDAP_DEBUG_TRACE, "syncprov_matchops: sid %03x fscope %d rc %d\n", -- 1.7.0.3 ++++++ slapd-modrdn-crash-ITS-6570.dif ++++++
From 6e229f5b94be41c4b9372914ae9bff90ccd81014 Mon Sep 17 00:00:00 2001 From: hyc <hyc> Date: Sun, 6 Jun 2010 22:02:32 +0000 Subject: slapd modrdn crash (ITS#6570)
part #1 reject RDNs with binary BER values part #2 reject RDNs with empty values Unauthenticated LDAP clients could crash the server by submitting a specially crafted LDAP ModRDN operatoin. Part #1: OpenLDAP crashes with segfault during the processing of a modrdn call with maliciously formed destination rdn string. No authentication is required to trigger this vulnerability. Part #2: OpenLDAP crashes at a null pointer dereference during the processing of modrdn call with maliciously formed destination rdn string. No authentication is required to trigger this vulnerability. 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c index 3534e7f..75d2204 100644 --- a/servers/slapd/dn.c +++ b/servers/slapd/dn.c @@ -302,16 +302,13 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx ) ava->la_attr = ad->ad_cname; if( ava->la_flags & LDAP_AVA_BINARY ) { - if( ava->la_value.bv_len == 0 ) { - /* BER encoding is empty */ - return LDAP_INVALID_SYNTAX; - } + /* AVA is binary encoded, not supported */ + return LDAP_INVALID_SYNTAX; /* Do not allow X-ORDERED 'VALUES' naming attributes */ } else if( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) { return LDAP_INVALID_SYNTAX; - /* AVA is binary encoded, don't muck with it */ } else if( flags & SLAP_LDAPDN_PRETTY ) { transf = ad->ad_type->sat_syntax->ssyn_pretty; if( !transf ) { @@ -379,6 +376,10 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx ) ava->la_value = bv; ava->la_flags |= LDAP_AVA_FREE_VALUE; } + /* reject empty values */ + if (!ava->la_value.bv_len) { + return LDAP_INVALID_SYNTAX; + } } rc = LDAP_SUCCESS; diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c index e386ef9..e143a7b 100644 --- a/servers/slapd/modrdn.c +++ b/servers/slapd/modrdn.c @@ -445,12 +445,19 @@ slap_modrdn2mods( mod_tmp->sml_values[1].bv_val = NULL; if( desc->ad_type->sat_equality->smr_normalize) { mod_tmp->sml_nvalues = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) ); - (void) (*desc->ad_type->sat_equality->smr_normalize)( + rs->sr_err = desc->ad_type->sat_equality->smr_normalize( SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX, desc->ad_type->sat_syntax, desc->ad_type->sat_equality, &mod_tmp->sml_values[0], &mod_tmp->sml_nvalues[0], NULL ); + if (rs->sr_err != LDAP_SUCCESS) { + ch_free(mod_tmp->sml_nvalues); + ch_free(mod_tmp->sml_values[0].bv_val); + ch_free(mod_tmp->sml_values); + ch_free(mod_tmp); + goto done; + } mod_tmp->sml_nvalues[1].bv_val = NULL; } else { mod_tmp->sml_nvalues = NULL; diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c index 68e6d28..d2f4708 100644 --- a/servers/slapd/schema_init.c +++ b/servers/slapd/schema_init.c @@ -1732,8 +1732,9 @@ UTF8StringNormalize( ? LDAP_UTF8_APPROX : 0; val = UTF8bvnormalize( val, &tmp, flags, ctx ); + /* out of memory or syntax error, the former is unlikely */ if( val == NULL ) { - return LDAP_OTHER; + return LDAP_INVALID_SYNTAX; } /* collapse spaces (in place) */ -- 1.7.0.3 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org