From: Xin LI
Date: Fri, 6 Feb 2015 22:20:11 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject: svn commit: r378559 - in branches/2015Q1/net/openldap24-server: . files

Author: delphij
Date: Fri Feb 6 22:20:10 2015
New Revision: 378559
URL: https://svnweb.freebsd.org/changeset/ports/378559
QAT: https://qat.redports.org/buildarchive/r378559/

Log:
  MFH: r378558

  Apply two upstream patches to address two remote DoS issues:

  - ITS8027: crash when a search includes the Deref control with an empty attribute list.
  - ITS8046: double free and crash by certain search queries using the Matched Values control.

  Approved by: ports-secteam@

Added:
  branches/2015Q1/net/openldap24-server/files/patch-ITS8027
    - copied unchanged from r378558, head/net/openldap24-server/files/patch-ITS8027
  branches/2015Q1/net/openldap24-server/files/patch-ITS8046
    - copied unchanged from r378558, head/net/openldap24-server/files/patch-ITS8046
Modified:
  branches/2015Q1/net/openldap24-server/Makefile
Directory Properties:
  branches/2015Q1/ (props changed)

Modified: branches/2015Q1/net/openldap24-server/Makefile ============================================================================== --- branches/2015Q1/net/openldap24-server/Makefile Fri Feb 6 22:18:15 2015 (r378558) +++ branches/2015Q1/net/openldap24-server/Makefile Fri Feb 6 22:20:10 2015 (r378559) 
@@ -59,7 +59,7 @@ BROKEN= incompatible OpenLDAP version: .endif PORTREVISION_CLIENT= 1 -PORTREVISION_SERVER= 2 +PORTREVISION_SERVER= 3 OPENLDAP_SHLIB_MAJOR= 2 OPENLDAP_SHLIB_MINOR= 10.3 OPENLDAP_MAJOR= ${DISTVERSION:R} Copied: branches/2015Q1/net/openldap24-server/files/patch-ITS8027 (from r378558, head/net/openldap24-server/files/patch-ITS8027) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2015Q1/net/openldap24-server/files/patch-ITS8027 Fri Feb 6 22:20:10 2015 (r378559, copy of r378558, head/net/openldap24-server/files/patch-ITS8027) @@ -0,0 +1,26 @@ +From c32e74763f77675b9e144126e375977ed6dc562c Mon Sep 17 00:00:00 2001 +From: Howard Chu +Date: Mon, 19 Jan 2015 22:25:53 +0000 +Subject: [PATCH] ITS#8027 require non-empty AttributeList + +--- + servers/slapd/overlays/deref.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git servers/slapd/overlays/deref.c servers/slapd/overlays/deref.c +index 9420e3e..05aa890 100644 +--- servers/slapd/overlays/deref.c ++++ servers/slapd/overlays/deref.c +@@ -183,7 +183,8 @@ deref_parseCtrl ( + ber_len_t cnt = sizeof(struct berval); + ber_len_t off = 0; + +- if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR ) ++ if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR ++ || !cnt ) + { + rs->sr_text = "Dereference control: derefSpec decoding error"; + rs->sr_err = LDAP_PROTOCOL_ERROR; +-- +1.7.10.4 + Copied: branches/2015Q1/net/openldap24-server/files/patch-ITS8046 (from r378558, head/net/openldap24-server/files/patch-ITS8046) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2015Q1/net/openldap24-server/files/patch-ITS8046 Fri Feb 6 22:20:10 2015 (r378559, copy of r378558, head/net/openldap24-server/files/patch-ITS8046) 
@@ -0,0 +1,34 @@ +From 2f1a2dd329b91afe561cd06b872d09630d4edb6a Mon Sep 17 00:00:00 2001 +From: Howard Chu +Date: Wed, 4 Feb 2015 02:03:55 +0000 +Subject: [PATCH] ITS#8046 fix vrFilter_free + +--- + servers/slapd/filter.c | 10 +++------- + 1 file changed, 3 insertions(+), 7 deletions(-) + +diff --git servers/slapd/filter.c servers/slapd/filter.c +index b859f73..22c81c8 100644 +--- servers/slapd/filter.c ++++ servers/slapd/filter.c +@@ -1158,14 +1158,10 @@ get_vrFilter( Operation *op, BerElement *ber, + void + vrFilter_free( Operation *op, ValuesReturnFilter *vrf ) + { +- ValuesReturnFilter *p, *next; ++ ValuesReturnFilter *next; + +- if ( vrf == NULL ) { +- return; +- } +- +- for ( p = vrf; p != NULL; p = next ) { +- next = p->vrf_next; ++ for ( ; vrf != NULL; vrf = next ) { ++ next = vrf->vrf_next; + + switch ( vrf->vrf_choice & SLAPD_FILTER_MASK ) { + case LDAP_FILTER_PRESENT: +-- +1.7.10.4 +
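Review bot: in the deref.c hunk of patch-ITS8027, the added `|| !cnt` test is undocumented and reads oddly next to `ber_len_t cnt = sizeof(struct berval);` in the context lines above it: cnt is passed to ber_scanf as an element size and then tested as an element count, and nothing in the hunk says so. A one-line comment on the condition stating that ber_scanf overwrites cnt with the number of attributes parsed would keep the check from being removed as redundant later. The empty-list case also reuses the existing "Dereference control: derefSpec decoding error" text with LDAP_PROTOCOL_ERROR; a distinct sr_text for an empty AttributeList would let operators tell a malformed control from a well-formed but empty one in the logs.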
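Review bot: in the filter.c hunk of patch-ITS8046 the context ends at the `switch ( vrf->vrf_choice & SLAPD_FILTER_MASK ) {` line, so whether the rest of the loop body, including the free of the node itself, refers to `vrf` throughout cannot be checked from the diff. That matters because the removed lines advanced `p` while the body dereferenced `vrf`, and the fix works only by making the loop variable match what the body already uses; please confirm the lines below the context and that `next` is always read before the node is freed, as `next = vrf->vrf_next;` does here. The diffstat lists servers/slapd/filter.c alone, so no regression test accompanies the change; a unit test that frees a list of two or more ValuesReturnFilter nodes would cover the path that was broken.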