Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15:Update
openldap2.19532
0220-ITS-9423-ldap_X509dn2bv-check-for-invalid-...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0220-ITS-9423-ldap_X509dn2bv-check-for-invalid-BER-after-.patch of Package openldap2.19532
From bd843f03d4137756b1d1ba0695cb583fbe91d905 Mon Sep 17 00:00:00 2001 From: Howard Chu <hyc@openldap.org> Date: Sun, 13 Dec 2020 21:48:45 +0000 Subject: [PATCH 220/224] ITS#9423 ldap_X509dn2bv: check for invalid BER after RDN count --- libraries/libldap/tls2.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c index d25c190ea..c642469d9 100644 --- a/libraries/libldap/tls2.c +++ b/libraries/libldap/tls2.c @@ -1220,6 +1220,12 @@ ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func, } } + /* Rewind and prepare to extract */ + ber_rewind( ber ); + tag = ber_first_element( ber, &len, &dn_end ); + if ( tag == LBER_DEFAULT ) + return LDAP_DECODING_ERROR; + /* Allocate the DN/RDN/AVA stuff as a single block */ dnsize = sizeof(LDAPRDN) * (nrdns+1); dnsize += sizeof(LDAPAVA *) * (navas+nrdns); @@ -1231,16 +1237,12 @@ ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func, } else { newDN = (LDAPDN)(char *)ptrs; } - + newDN[nrdns] = NULL; newRDN = (LDAPRDN)(newDN + nrdns+1); newAVA = (LDAPAVA *)(newRDN + navas + nrdns); baseAVA = newAVA; - /* Rewind and start extracting */ - ber_rewind( ber ); - - tag = ber_first_element( ber, &len, &dn_end ); for ( i = nrdns - 1; i >= 0; i-- ) { newDN[i] = newRDN; -- 2.30.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor