Module Name: src
Committed By: christos
Date: Sat Feb 7 17:58:23 UTC 2015
Modified Files:
src/external/bsd/openldap/dist/servers/slapd/overlays: deref.c
Log Message:
Apply: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;\
h=c32e74763f77675b9e144126e375977ed6dc562c
The deref overlay in slapd 2.4.13 through 2.4.40 dereferences a NULL
pointer when a search request includes the Deref control with an empty
list of attributes to return (missing input validation). [CVE-2015-1545]
XXX: Pullup-7
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.3 -r1.2 \
src/external/bsd/openldap/dist/servers/slapd/overlays/deref.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/openldap/dist/servers/slapd/overlays/deref.c
diff -u src/external/bsd/openldap/dist/servers/slapd/overlays/deref.c:1.1.1.3 src/external/bsd/openldap/dist/servers/slapd/overlays/deref.c:1.2
--- src/external/bsd/openldap/dist/servers/slapd/overlays/deref.c:1.1.1.3 Wed May 28 05:58:52 2014
+++ src/external/bsd/openldap/dist/servers/slapd/overlays/deref.c Sat Feb 7 12:58:23 2015
@@ -1,4 +1,4 @@
-/* $NetBSD: deref.c,v 1.1.1.3 2014/05/28 09:58:52 tron Exp $ */
+/* $NetBSD: deref.c,v 1.2 2015/02/07 17:58:23 christos Exp $ */
/* deref.c - dereference overlay */
/* $OpenLDAP$ */
@@ -185,7 +185,8 @@ deref_parseCtrl (
ber_len_t cnt = sizeof(struct berval);
ber_len_t off = 0;
- if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR )
+ if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR
+ || !cnt )
{
rs->sr_text = "Dereference control: derefSpec decoding error";
rs->sr_err = LDAP_PROTOCOL_ERROR;
