Control: tags 1016445 + patch Control: tags 1016445 + pending Dear maintainer,
I've prepared an NMU for 389-ds-base (versioned as 2.0.15-1.1) and uploaded it to DELAYED/15. Please feel free to tell me if I should cancel it. cu Adrian
diff -Nru 389-ds-base-2.0.15/debian/changelog 389-ds-base-2.0.15/debian/changelog --- 389-ds-base-2.0.15/debian/changelog 2022-04-13 14:11:20.000000000 +0300 +++ 389-ds-base-2.0.15/debian/changelog 2022-09-13 22:10:45.000000000 +0300 @@ -1,3 +1,11 @@ +389-ds-base (2.0.15-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * CVE-2022-0918: unauthenticated attacker with network access to + the LDAP port could cause a denial of service (Closes: #1016445) + + -- Adrian Bunk <b...@debian.org> Tue, 13 Sep 2022 22:10:45 +0300 + 389-ds-base (2.0.15-1) unstable; urgency=medium * New upstream release. diff -Nru 389-ds-base-2.0.15/debian/patches/0001-Issue-5242-Craft-message-may-crash-the-server-5243.patch 389-ds-base-2.0.15/debian/patches/0001-Issue-5242-Craft-message-may-crash-the-server-5243.patch --- 389-ds-base-2.0.15/debian/patches/0001-Issue-5242-Craft-message-may-crash-the-server-5243.patch 1970-01-01 02:00:00.000000000 +0200 +++ 389-ds-base-2.0.15/debian/patches/0001-Issue-5242-Craft-message-may-crash-the-server-5243.patch 2022-09-13 22:09:53.000000000 +0300 @@ -0,0 +1,45 @@ +From f46ab49c9f06b503f5ec8147f2c01dcacdb6a375 Mon Sep 17 00:00:00 2001 +From: tbordaz <tbor...@redhat.com> +Date: Wed, 30 Mar 2022 18:07:23 +0200 +Subject: Issue 5242- Craft message may crash the server (#5243) + +Bug description: + A craft request can result in DoS + +Fix description: + If the server fails to decode the ber value + then return an Error + +relates: 5242 + +Reviewed by: Pierre Rogier, Mark Reynolds (thanks !) + +Platforms tested: F34 +--- + ldap/servers/slapd/filter.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/ldap/servers/slapd/filter.c b/ldap/servers/slapd/filter.c +index 40f11c230..dd3ce0340 100644 +--- a/ldap/servers/slapd/filter.c ++++ b/ldap/servers/slapd/filter.c +@@ -647,8 +647,14 @@ get_extensible_filter(BerElement *ber, mr_filter_t *mrf) + } + } + +- if ((tag != LBER_ERROR) && (len != -1)) { +- goto parsing_error; ++ if (tag == LBER_ERROR) { ++ if (len == -1) { ++ /* means that the ber sequence ended without LBER_END_OF_SEQORSET tag ++ * and it is considered as valid to ensure compatibility with open ldap. ++ */ ++ } else { ++ goto parsing_error; ++ } + } + + slapi_log_err(SLAPI_LOG_FILTER, "get_extensible_filter", "<= %i\n", rc); +-- +2.30.2 + diff -Nru 389-ds-base-2.0.15/debian/patches/series 389-ds-base-2.0.15/debian/patches/series --- 389-ds-base-2.0.15/debian/patches/series 2022-04-13 14:08:57.000000000 +0300 +++ 389-ds-base-2.0.15/debian/patches/series 2022-09-13 22:10:25.000000000 +0300 @@ -1,2 +1,3 @@ fix-saslpath.diff 0001-Revert-Issue-3584-Fix-PBKDF2_SHA256-hashing-in-FIPS-.patch +0001-Issue-5242-Craft-message-may-crash-the-server-5243.patch