diff --git a/openldap-2.4.18-ldif-buf-overflow.patch b/openldap-2.4.18-ldif-buf-overflow.patch
index 5fba60d..b49afa9 100644
--- a/openldap-2.4.18-ldif-buf-overflow.patch
+++ b/openldap-2.4.18-ldif-buf-overflow.patch
@@ -1,26 +1,54 @@ --- openldap-2.4.18/servers/slapd/back-ldif/ldif.c.orig 2009-09-24 09:46:01.000000000 +0200 -+++ openldap-2.4.18/servers/slapd/back-ldif/ldif.c 2009-09-24 12:41:09.000000000 +0200 -@@ -593,9 +593,12 @@ typedef struct bvlist { ++++ openldap-2.4.18/servers/slapd/back-ldif/ldif.c 2009-09-24 13:40:07.000000000 +0200 +@@ -593,9 +593,7 @@ typedef struct bvlist { char *trunc; /* filename was truncated here */ int inum; /* num from "attr={num}" in filename, or INT_MIN */ char savech; /* original char at *trunc */ - char fname; /* variable length array BVL_NAME(bvl) = &fname */ -# define BVL_NAME(bvl) ((char *) (bvl) + offsetof(bvlist, fname)) -# define BVL_SIZE(namelen) (sizeof(bvlist) + (namelen)) -+ char *fname; /* variable length array BVL_NAME(bvl) = &fname */ -+ //char fname; /* variable length array BVL_NAME(bvl) = &fname */ -+# define BVL_NAME(bvl) ((bvl)->fname) -+# define BVL_SIZE(namelen) (sizeof(bvlist)) -+//# define BVL_NAME(bvl) ((char *) (bvl) + offsetof(bvlist, fname)) -+//# define BVL_SIZE(namelen) (sizeof(bvlist) + (namelen)) ++ char *fname; /* variable length array */ } bvlist; static int -@@ -710,6 +713,7 @@ ldif_readdir( +@@ -709,17 +707,18 @@ ldif_readdir( + if ( *fname_maxlenp < fname_len ) *fname_maxlenp = fname_len; - bvl = SLAP_MALLOC( BVL_SIZE( fname_len ) ); +- bvl = SLAP_MALLOC( BVL_SIZE( fname_len ) ); ++ bvl = SLAP_MALLOC( sizeof( bvlist ) ); + bvl->fname = SLAP_MALLOC( fname_len+1 ); if ( bvl == NULL ) { rc = LDAP_OTHER; save_errno = errno; + break; + } +- strcpy( BVL_NAME( bvl ), dir->d_name ); ++ strcpy( bvl->fname, dir->d_name ); + + /* Make it sortable by ("attr=val" or ) */ +- trunc = BVL_NAME( bvl ) + fname_len - STRLENOF( LDIF ); +- if ( (idxp = strchr( BVL_NAME( bvl ) + 2, IX_FSL )) != NULL && ++ trunc = bvl->fname + fname_len - STRLENOF( LDIF ); ++ if ( (idxp = strchr( bvl->fname + 2, IX_FSL )) != NULL && + (endp = strchr( ++idxp, IX_FSR )) != NULL && endp > idxp && + (eq_unsafe || idxp[-2] == '=' || endp + 1 == 
trunc) ) + { +@@ -737,7 +736,7 @@ ldif_readdir( + *trunc = '\0'; + + for ( prev = listp; (ptr = *prev) != NULL; prev = &ptr->next ) { +- int cmp = strcmp( BVL_NAME( bvl ), BVL_NAME( ptr )); ++ int cmp = strcmp( bvl->fname, ptr->fname ); + if ( cmp < 0 || (cmp == 0 && bvl->inum < ptr->inum) ) + break; + } +@@ -826,7 +825,7 @@ ldif_search_entry( + + if ( rc == LDAP_SUCCESS ) { + *ptr->trunc = ptr->savech; +- FILL_PATH( &fpath, dir_end, BVL_NAME( ptr )); ++ FILL_PATH( &fpath, dir_end, ptr->fname ); + + rc = ldif_read_entry( op, fpath.bv_val, &dn, &ndn, + &e, text ); diff --git a/openldap.spec b/openldap.spec index b2410ef..866fe74 100644 --- a/openldap.spec +++ b/openldap.spec @@ -11,7 +11,7 @@ Summary: LDAP support libraries Name: openldap Version: %{version} -Release: 2%{?dist} +Release: 3%{?dist} License: OpenLDAP Group: System Environment/Daemons Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz @@ -639,6 +639,9 @@ fi %attr(0644,root,root) %{evolution_connector_libdir}/*.a %changelog +* Thu Sep 24 2009 Jan Zeleny 2.4.18-3 +- cleanup of previous patch fixing buffer overflow + * Tue Sep 22 2009 Jan Zeleny 2.4.18-2 - changed configuration approach. Instead od slapd.conf slapd is using slapd.d directory now
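Review bot: In the ldif_readdir hunk of the updated patch, `bvl->fname = SLAP_MALLOC( fname_len+1 );` runs before the `if ( bvl == NULL )` check, so a failed first allocation is dereferenced, and the result of the second allocation is never checked before `strcpy( bvl->fname, dir->d_name )` writes through it. In slapd this turns memory pressure into a crash in the very path the patch is meant to harden; check `bvl` first, then allocate and check `fname`, releasing `bvl` if the second allocation fails. None of the visible hunks touch the code that frees bvlist nodes, so now that `fname` is a separate allocation that cleanup presumably has to free `ptr->fname` as well, which needs confirming against the full ldif.c. The field comment `/* variable length array */` no longer describes a `char *` member and would read better as `/* separately allocated copy of the file name */`. The body of ldif_readdir starts and ends outside the hunk.

```c
bvl = SLAP_MALLOC( sizeof( bvlist ) );
if ( bvl == NULL ) {
	/* … unchanged: rc = LDAP_OTHER, save_errno = errno, break … */
}
bvl->fname = SLAP_MALLOC( fname_len+1 );
if ( bvl->fname == NULL ) {
	rc = LDAP_OTHER;
	save_errno = errno;	/* capture before SLAP_FREE can disturb errno */
	SLAP_FREE( bvl );
	break;
}
strcpy( bvl->fname, dir->d_name );
```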