37 lines
1.1 KiB
Plaintext
37 lines
1.1 KiB
Plaintext
$OpenBSD: patch-servers_slapd_dn_c,v 1.1.1.1 2011/01/07 10:17:04 pea Exp $
|
|
|
|
SECURITY FIX
|
|
|
|
Resolves CVE-2010-0211 and CVE-2010-0212 (ITS#6570)
|
|
from upstream
|
|
|
|
|
|
--- servers/slapd/dn.c.orig Mon Feb 11 18:24:16 2008
|
|
+++ servers/slapd/dn.c Tue Aug 3 10:24:27 2010
|
|
@@ -352,12 +352,9 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ct
|
|
ava->la_attr = ad->ad_cname;
|
|
|
|
if( ava->la_flags & LDAP_AVA_BINARY ) {
|
|
- if( ava->la_value.bv_len == 0 ) {
|
|
- /* BER encoding is empty */
|
|
- return LDAP_INVALID_SYNTAX;
|
|
- }
|
|
+ /* AVA is binary encoded, not supported */
|
|
+ return LDAP_INVALID_SYNTAX;
|
|
|
|
- /* AVA is binary encoded, don't muck with it */
|
|
} else if( flags & SLAP_LDAPDN_PRETTY ) {
|
|
transf = ad->ad_type->sat_syntax->ssyn_pretty;
|
|
if( !transf ) {
|
|
@@ -424,6 +421,10 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ct
|
|
ber_memfree_x( ava->la_value.bv_val, ctx );
|
|
ava->la_value = bv;
|
|
ava->la_flags |= LDAP_AVA_FREE_VALUE;
|
|
+ }
|
|
+ /* reject empty values */
|
|
+ if (!ava->la_value.bv_len) {
|
|
+ return LDAP_INVALID_SYNTAX;
|
|
}
|
|
}
|
|
rc = LDAP_SUCCESS;
|