Module Name: src Committed By: christos Date: Sat Feb 7 17:58:23 UTC 2015
Modified Files: src/external/bsd/openldap/dist/servers/slapd/overlays: deref.c Log Message: Apply: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;\ h=c32e74763f77675b9e144126e375977ed6dc562c The deref overlay in slapd 2.4.13 through 2.4.40 dereferences a NULL pointer when a search request includes the Deref control with an empty list of attributes to return (missing input validation). [CVE-2015-1545] XXX: Pullup-7 To generate a diff of this commit: cvs rdiff -u -r1.1.1.3 -r1.2 \ src/external/bsd/openldap/dist/servers/slapd/overlays/deref.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/external/bsd/openldap/dist/servers/slapd/overlays/deref.c diff -u src/external/bsd/openldap/dist/servers/slapd/overlays/deref.c:1.1.1.3 src/external/bsd/openldap/dist/servers/slapd/overlays/deref.c:1.2 --- src/external/bsd/openldap/dist/servers/slapd/overlays/deref.c:1.1.1.3 Wed May 28 05:58:52 2014 +++ src/external/bsd/openldap/dist/servers/slapd/overlays/deref.c Sat Feb 7 12:58:23 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: deref.c,v 1.1.1.3 2014/05/28 09:58:52 tron Exp $ */ +/* $NetBSD: deref.c,v 1.2 2015/02/07 17:58:23 christos Exp $ */ /* deref.c - dereference overlay */ /* $OpenLDAP$ */ @@ -185,7 +185,8 @@ deref_parseCtrl ( ber_len_t cnt = sizeof(struct berval); ber_len_t off = 0; - if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR ) + if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR + || !cnt ) { rs->sr_text = "Dereference control: derefSpec decoding error"; rs->sr_err = LDAP_PROTOCOL_ERROR;