its staged in stable/dunfell-nut
- armin
On 6/13/23 4:24 AM, Vijay Anusuri wrote:
Hi Steve,
Any update on this ?
Thanks & Regards,
Vijay
On Mon, Jun 5, 2023 at 12:49 PM Vijay Anusuri via
lists.openembedded.org <http://lists.openembedded.org>
<[email protected]> wrote:
From: Vijay Anusuri <[email protected]>
Upstream-Status: Backport
[https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce
&
<https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce&;>
https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b]
Signed-off-by: Vijay Anusuri <[email protected]>
---
.../openldap/openldap/CVE-2023-2953-1.patch | 30 ++++++++
.../openldap/openldap/CVE-2023-2953-2.patch | 76
+++++++++++++++++++
.../openldap/openldap_2.4.57.bb <http://openldap_2.4.57.bb>
| 2 +
3 files changed, 108 insertions(+)
create mode 100644
meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch
create mode 100644
meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch
diff --git
a/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch
b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch
new file mode 100644
index 000000000..f4b4eb95d
--- /dev/null
+++ b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch
@@ -0,0 +1,30 @@
+From 752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce Mon Sep 17 00:00:00
2001
+From: Howard Chu <[email protected]>
+Date: Wed, 24 Aug 2022 14:40:51 +0100
+Subject: [PATCH] ITS#9904 ldif_open_url: check for ber_strdup failure
+
+Code present since 1999, df8f7cbb9b79be3be9205d116d1dd0b263d6861a
+
+Upstream-Status: Backport
[https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce]
+CVE: CVE-2023-2953
+Signed-off-by: Vijay Anusuri <[email protected]>
+---
+ libraries/libldap/fetch.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libraries/libldap/fetch.c b/libraries/libldap/fetch.c
+index 9e426dc647..536871bcfe 100644
+--- a/libraries/libldap/fetch.c
++++ b/libraries/libldap/fetch.c
+@@ -69,6 +69,8 @@ ldif_open_url(
+ }
+
+ p = ber_strdup( urlstr );
++ if ( p == NULL )
++ return NULL;
+
+ /* But we should convert to LDAP_DIRSEP before use */
+ if ( LDAP_DIRSEP[0] != '/' ) {
+--
+GitLab
+
diff --git
a/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch
b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch
new file mode 100644
index 000000000..02c43bc44
--- /dev/null
+++ b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch
@@ -0,0 +1,76 @@
+From 6563fab9e2feccb0a684d0398e78571d09fb808b Mon Sep 17 00:00:00
2001
+From: Howard Chu <[email protected]>
+Date: Thu, 25 Aug 2022 16:13:21 +0100
+Subject: [PATCH] ITS#9904 ldap_url_parsehosts: check for strdup
failure
+
+Avoid unnecessary strdup in IPv6 addr parsing, check for strdup
+failure when dup'ing scheme.
+
+Code present since 2000, 8da110a9e726dbc612b302feafe0109271e6bc59
+
+Upstream-Status: Backport
[https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b]
+CVE: CVE-2023-2953
+Signed-off-by: Vijay Anusuri <[email protected]>
+---
+ libraries/libldap/url.c | 21 ++++++++++++---------
+ 1 file changed, 12 insertions(+), 9 deletions(-)
+
+diff --git a/libraries/libldap/url.c b/libraries/libldap/url.c
+index dcf2aac9e8..493fd7ce47 100644
+--- a/libraries/libldap/url.c
++++ b/libraries/libldap/url.c
+@@ -1385,24 +1385,22 @@ ldap_url_parsehosts(
+ }
+ ludp->lud_port = port;
+ ludp->lud_host = specs[i];
+- specs[i] = NULL;
+ p = strchr(ludp->lud_host, ':');
+ if (p != NULL) {
+ /* more than one :, IPv6 address */
+ if ( strchr(p+1, ':') != NULL ) {
+ /* allow [address] and
[address]:port */
+ if ( *ludp->lud_host == '[' ) {
+- p =
LDAP_STRDUP(ludp->lud_host+1);
+- /* copied, make sure we
free source later */
+- specs[i] = ludp->lud_host;
+- ludp->lud_host = p;
+- p = strchr(
ludp->lud_host, ']' );
++ p = strchr(
ludp->lud_host+1, ']' );
+ if ( p == NULL ) {
+ LDAP_FREE(ludp);
+ ldap_charray_free(specs);
+ return
LDAP_PARAM_ERROR;
+ }
+- *p++ = '\0';
++ /* Truncate trailing ']'
and shift hostname down 1 char */
++ *p = '\0';
++ AC_MEMCPY( ludp->lud_host,
ludp->lud_host+1, p - ludp->lud_host );
++ p++;
+ if ( *p != ':' ) {
+ if ( *p != '\0' ) {
+ LDAP_FREE(ludp);
+@@ -1428,14 +1426,19 @@ ldap_url_parsehosts(
+ }
+ }
+ }
+- ldap_pvt_hex_unescape(ludp->lud_host);
+ ludp->lud_scheme = LDAP_STRDUP("ldap");
++ if ( ludp->lud_scheme == NULL ) {
++ LDAP_FREE(ludp);
++ ldap_charray_free(specs);
++ return LDAP_NO_MEMORY;
++ }
++ specs[i] = NULL;
++ ldap_pvt_hex_unescape(ludp->lud_host);
+ ludp->lud_next = *ludlist;
+ *ludlist = ludp;
+ }
+
+ /* this should be an array of NULLs now */
+- /* except entries starting with [ */
+ ldap_charray_free(specs);
+ return LDAP_SUCCESS;
+ }
+--
+GitLab
+
diff --git a/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
<http://openldap_2.4.57.bb>
b/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
<http://openldap_2.4.57.bb>
index e3e9caa1b..1e7e6b3d7 100644
--- a/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
<http://openldap_2.4.57.bb>
+++ b/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
<http://openldap_2.4.57.bb>
@@ -24,6 +24,8 @@ SRC_URI =
"http://www.openldap.org/software/download/OpenLDAP/openldap-release/$
file://openldap-CVE-2015-3276.patch \
file://remove-user-host-pwd-from-version.patch \
file://CVE-2022-29155.patch \
+ file://CVE-2023-2953-1.patch \
+ file://CVE-2023-2953-2.patch \
"
SRC_URI[md5sum] = "e3349456c3a66e5e6155be7ddc3f042c"
SRC_URI[sha256sum] =
"c7ba47e1e6ecb5b436f3d43281df57abeffa99262141aec822628bc220f6b45a"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#103303):
https://lists.openembedded.org/g/openembedded-devel/message/103303
Mute This Topic: https://lists.openembedded.org/mt/99335615/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
