Change-Id: Ifa4bf13b79a1008ca1e81db965d0a13a34aad867
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/3221
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Xiaolin Li <xiaolinl@vmware.com>
1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,28 @@ |
0 |
+From 0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Ryan Tandy <ryan@nardis.ca> |
|
2 |
+Date: Wed, 17 May 2017 20:07:39 -0700 |
|
3 |
+Subject: [PATCH] ITS#8655 fix double free on paged search with pagesize 0 |
|
4 |
+ |
|
5 |
+Fixes a double free when a search includes the Paged Results control |
|
6 |
+with a page size of 0 and the search base matches the filter. |
|
7 |
+--- |
|
8 |
+ servers/slapd/back-mdb/search.c | 3 ++- |
|
9 |
+ 1 file changed, 2 insertions(+), 1 deletion(-) |
|
10 |
+ |
|
11 |
+diff --git a/servers/slapd/back-mdb/search.c b/servers/slapd/back-mdb/search.c |
|
12 |
+index 301d1a4..43442aa 100644 |
|
13 |
+--- a/servers/slapd/back-mdb/search.c |
|
14 |
+@@ -1066,7 +1066,8 @@ notfound: |
|
15 |
+ /* check size limit */ |
|
16 |
+ if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) { |
|
17 |
+ if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size ) { |
|
18 |
+- mdb_entry_return( op, e ); |
|
19 |
++ if (e != base) |
|
20 |
++ mdb_entry_return( op, e ); |
|
21 |
+ e = NULL; |
|
22 |
+ send_paged_response( op, rs, &lastid, tentries ); |
|
23 |
+ goto done; |
|
24 |
+-- |
|
25 |
+1.7.10.4 |
|
26 |
+ |
... | ... |
@@ -2,7 +2,7 @@ |
2 | 2 |
Summary: OpenLdap-2.4.43 |
3 | 3 |
Name: openldap |
4 | 4 |
Version: 2.4.44 |
5 |
-Release: 1%{?dist} |
|
5 |
+Release: 2%{?dist} |
|
6 | 6 |
License: OpenLDAP |
7 | 7 |
URL: http://cyrusimap.web.cmu.edu/ |
8 | 8 |
Group: System Environment/Security |
... | ... |
@@ -11,6 +11,7 @@ Distribution: Photon |
11 | 11 |
Source0: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/%{name}-%{version}.tgz |
12 | 12 |
%define sha1 openldap=016a738d050a68d388602a74b5e991035cdba149 |
13 | 13 |
Patch0: openldap-2.4.44-consolidated-2.patch |
14 |
+Patch1: openldap-CVE-2017-9287.patch |
|
14 | 15 |
Patch2: openldap-2.4.40-gssapi-1.patch |
15 | 16 |
Requires: openssl >= 1.0.1, cyrus-sasl >= 2.1 |
16 | 17 |
BuildRequires: cyrus-sasl >= 2.1 |
... | ... |
@@ -31,6 +32,7 @@ libraries, and documentation for OpenLDAP. |
31 | 31 |
%setup -q |
32 | 32 |
%patch2 -p1 |
33 | 33 |
%patch0 -p1 |
34 |
+%patch1 -p1 |
|
34 | 35 |
%build |
35 | 36 |
|
36 | 37 |
autoconf |
... | ... |
@@ -78,6 +80,8 @@ rm -rf %{buildroot}/* |
78 | 78 |
/etc/openldap/* |
79 | 79 |
|
80 | 80 |
%changelog |
81 |
+* Tue Jul 11 2017 Divya Thaluru <dthaluru@vmware.com> 2.4.44-2 |
|
82 |
+- Applied patch for CVE-2017-9287 |
|
81 | 83 |
* Sat Apr 15 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.4.44-1 |
82 | 84 |
- Update to 2.4.44 |
83 | 85 |
* Wed Oct 05 2016 ChangLee <changlee@vmware.com> 2.4.43-3 |