From owner-svn-ports-all@FreeBSD.ORG Fri Feb 6 22:18:16 2015 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id BEF676AC; Fri, 6 Feb 2015 22:18:16 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id AAC7E6ED; Fri, 6 Feb 2015 22:18:16 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t16MIGAN067002; Fri, 6 Feb 2015 22:18:16 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t16MIF3w066999; Fri, 6 Feb 2015 22:18:15 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <201502062218.t16MIF3w066999@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f From: Xin LI Date: Fri, 6 Feb 2015 22:18:15 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r378558 - in head/net/openldap24-server: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Feb 2015 22:18:17 -0000 Author: delphij Date: Fri Feb 6 22:18:15 2015 New Revision: 378558 URL: https://svnweb.freebsd.org/changeset/ports/378558 QAT: https://qat.redports.org/buildarchive/r378558/ Log: Apply two upstream patches to address two remote DoS issues: - ITS8027: crash when a search includes the Deref control with an empty attribute list. - ITS8046: double free and crash by certain search queries using the Matched Values control. MFH: 2015Q1 Added: head/net/openldap24-server/files/patch-ITS8027 (contents, props changed) head/net/openldap24-server/files/patch-ITS8046 (contents, props changed) Modified: head/net/openldap24-server/Makefile Modified: head/net/openldap24-server/Makefile ============================================================================== --- head/net/openldap24-server/Makefile Fri Feb 6 22:04:17 2015 (r378557) +++ head/net/openldap24-server/Makefile Fri Feb 6 22:18:15 2015 (r378558) @@ -59,7 +59,7 @@ BROKEN= incompatible OpenLDAP version: .endif PORTREVISION_CLIENT= 1 -PORTREVISION_SERVER= 2 +PORTREVISION_SERVER= 3 OPENLDAP_SHLIB_MAJOR= 2 OPENLDAP_SHLIB_MINOR= 10.3 OPENLDAP_MAJOR= ${DISTVERSION:R} Added: head/net/openldap24-server/files/patch-ITS8027 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/openldap24-server/files/patch-ITS8027 Fri Feb 6 22:18:15 2015 (r378558) @@ -0,0 +1,26 @@ +From c32e74763f77675b9e144126e375977ed6dc562c Mon Sep 17 00:00:00 2001 +From: Howard Chu +Date: Mon, 19 Jan 2015 22:25:53 +0000 +Subject: [PATCH] ITS#8027 require non-empty AttributeList + +--- + servers/slapd/overlays/deref.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git servers/slapd/overlays/deref.c servers/slapd/overlays/deref.c +index 9420e3e..05aa890 100644 +--- servers/slapd/overlays/deref.c ++++ servers/slapd/overlays/deref.c +@@ -183,7 +183,8 @@ deref_parseCtrl ( + ber_len_t cnt = sizeof(struct berval); + ber_len_t off = 0; + +- if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR ) ++ if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR ++ || !cnt ) + { + rs->sr_text = "Dereference control: derefSpec decoding error"; + rs->sr_err = LDAP_PROTOCOL_ERROR; +-- +1.7.10.4 + Added: head/net/openldap24-server/files/patch-ITS8046 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/openldap24-server/files/patch-ITS8046 Fri Feb 6 22:18:15 2015 (r378558) @@ -0,0 +1,34 @@ +From 2f1a2dd329b91afe561cd06b872d09630d4edb6a Mon Sep 17 00:00:00 2001 +From: Howard Chu +Date: Wed, 4 Feb 2015 02:03:55 +0000 +Subject: [PATCH] ITS#8046 fix vrFilter_free + +--- + servers/slapd/filter.c | 10 +++------- + 1 file changed, 3 insertions(+), 7 deletions(-) + +diff --git servers/slapd/filter.c servers/slapd/filter.c +index b859f73..22c81c8 100644 +--- servers/slapd/filter.c ++++ servers/slapd/filter.c +@@ -1158,14 +1158,10 @@ get_vrFilter( Operation *op, BerElement *ber, + void + vrFilter_free( Operation *op, ValuesReturnFilter *vrf ) + { +- ValuesReturnFilter *p, *next; ++ ValuesReturnFilter *next; + +- if ( vrf == NULL ) { +- return; +- } +- +- for ( p = vrf; p != NULL; p = next ) { +- next = p->vrf_next; ++ for ( ; vrf != NULL; vrf = next ) { ++ next = vrf->vrf_next; + + switch ( vrf->vrf_choice & SLAPD_FILTER_MASK ) { + case LDAP_FILTER_PRESENT: +-- +1.7.10.4 +