Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
openldap2.18498
0220-ITS-9425-add-more-checks-to-ldap_X509dn2bv...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0220-ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch of Package openldap2.18498
From 0ed885e520a3aa3ee7ffa895407fde5693459c5d Mon Sep 17 00:00:00 2001 From: Howard Chu <hyc@openldap.org> Date: Mon, 14 Dec 2020 20:05:44 +0000 Subject: [PATCH 220/222] ITS#9425 add more checks to ldap_X509dn2bv --- libraries/libldap/tls2.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c index 3d2098053..3c5442169 100644 --- a/libraries/libldap/tls2.c +++ b/libraries/libldap/tls2.c @@ -1218,6 +1218,8 @@ ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func, for ( tag = ber_first_element( ber, &len, &rdn_end ); tag == LBER_SEQUENCE; tag = ber_next_element( ber, &len, rdn_end )) { + if ( rdn_end > dn_end ) + return LDAP_DECODING_ERROR; tag = ber_skip_tag( ber, &len ); ber_skip_data( ber, len ); navas++; @@ -1227,7 +1229,7 @@ ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func, /* Rewind and prepare to extract */ ber_rewind( ber ); tag = ber_first_element( ber, &len, &dn_end ); - if ( tag == LBER_DEFAULT ) + if ( tag != LBER_SET ) return LDAP_DECODING_ERROR; /* Allocate the DN/RDN/AVA stuff as a single block */ @@ -1340,6 +1342,10 @@ allocd: /* X.690 bitString value converted to RFC4517 Bit String */ rc = der_to_ldap_BitString( &Val, &newAVA->la_value ); goto allocd; + case LBER_DEFAULT: + /* decode error */ + rc = LDAP_DECODING_ERROR; + goto nomem; default: /* Not a string type at all */ newAVA->la_flags = 0; -- 2.30.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
