openldap: Fix CVE-2023-2953

Upstream-Status: Backport [https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce & https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b] Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Vijay Anusuri <vanusuri@mvista.com> 2023-06-05 12:47:40 +0530
committer: Armin Kuster <akuster808@gmail.com> 2023-06-23 06:58:18 -0400
commit: d8c29311e5840e0ab18b8767b66f1fe589f86449 (patch)
tree: 92131d0cde979a8e80d046306965ec2f2a322700
parent: 65efd6873526abbd1138b64bff941dc5f517fa41 (diff)
download: meta-openembedded-d8c29311e5840e0ab18b8767b66f1fe589f86449.tar.gz
3 files changed, 108 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch
new file mode 100644
index 0000000000..f4b4eb95d5
--- /dev/null
+++ b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch
@@ -0,0 +1,30 @@
+From 752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Wed, 24 Aug 2022 14:40:51 +0100
+Subject: [PATCH] ITS#9904 ldif_open_url: check for ber_strdup failure
+Code present since 1999, df8f7cbb9b79be3be9205d116d1dd0b263d6861a
+Upstream-Status: Backport [https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce]
+CVE: CVE-2023-2953
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libraries/libldap/fetch.c | 2 ++
+ 1 file changed, 2 insertions(+)
+diff --git a/libraries/libldap/fetch.c b/libraries/libldap/fetch.c
+index 9e426dc647..536871bcfe 100644
+--- a/libraries/libldap/fetch.c
+++ b/libraries/libldap/fetch.c
+@@ -69,6 +69,8 @@ ldif_open_url(
+                }
+ 
+                p = ber_strdup( urlstr );
+               if ( p == NULL )
+                       return NULL;
+ 
+                /* But we should convert to LDAP_DIRSEP before use */
+                if ( LDAP_DIRSEP[0] != '/' ) {
+-- 
+GitLab
diff --git a/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch
new file mode 100644
index 0000000000..02c43bc445
--- /dev/null
+++ b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch
@@ -0,0 +1,76 @@
+From 6563fab9e2feccb0a684d0398e78571d09fb808b Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Thu, 25 Aug 2022 16:13:21 +0100
+Subject: [PATCH] ITS#9904 ldap_url_parsehosts: check for strdup failure
+Avoid unnecessary strdup in IPv6 addr parsing, check for strdup
+failure when dup'ing scheme.
+Code present since 2000, 8da110a9e726dbc612b302feafe0109271e6bc59
+Upstream-Status: Backport [https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b]
+CVE: CVE-2023-2953
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libraries/libldap/url.c | 21 ++++++++++++---------
+ 1 file changed, 12 insertions(+), 9 deletions(-)
+diff --git a/libraries/libldap/url.c b/libraries/libldap/url.c
+index dcf2aac9e8..493fd7ce47 100644
+--- a/libraries/libldap/url.c
+++ b/libraries/libldap/url.c
+@@ -1385,24 +1385,22 @@ ldap_url_parsehosts(
+                }
+                ludp->lud_port = port;
+                ludp->lud_host = specs[i];
+-               specs[i] = NULL;
+                p = strchr(ludp->lud_host, ':');
+                if (p != NULL) {
+                        /* more than one :, IPv6 address */
+                        if ( strchr(p+1, ':') != NULL ) {
+                                /* allow [address] and [address]:port */
+                                if ( *ludp->lud_host == '[' ) {
+-                                       p = LDAP_STRDUP(ludp->lud_host+1);
+-                                       /* copied, make sure we free source later */
+-                                       specs[i] = ludp->lud_host;
+-                                       ludp->lud_host = p;
+-                                       p = strchr( ludp->lud_host, ']' );
+                                       p = strchr( ludp->lud_host+1, ']' );
+                                        if ( p == NULL ) {
+                                                LDAP_FREE(ludp);
+                                                ldap_charray_free(specs);
+                                                return LDAP_PARAM_ERROR;
+                                        }
+-                                       *p++ = '\0';
+                                       /* Truncate trailing ']' and shift hostname down 1 char */
+                                       *p = '\0';
+                                       AC_MEMCPY( ludp->lud_host, ludp->lud_host+1, p - ludp->lud_host );
+                                       p++;
+                                        if ( *p != ':' ) {
+                                                if ( *p != '\0' ) {
+                                                        LDAP_FREE(ludp);
+@@ -1428,14 +1426,19 @@ ldap_url_parsehosts(
+                                }
+                        }
+                }
+-               ldap_pvt_hex_unescape(ludp->lud_host);
+                ludp->lud_scheme = LDAP_STRDUP("ldap");
+               if ( ludp->lud_scheme == NULL ) {
+                       LDAP_FREE(ludp);
+                       ldap_charray_free(specs);
+                       return LDAP_NO_MEMORY;
+               }
+               specs[i] = NULL;
+               ldap_pvt_hex_unescape(ludp->lud_host);
+                ludp->lud_next = *ludlist;
+                *ludlist = ludp;
+        }
+ 
+        /* this should be an array of NULLs now */
+-       /* except entries starting with [ */
+        ldap_charray_free(specs);
+        return LDAP_SUCCESS;
+ }
+-- 
+GitLab
diff --git a/meta-oe/recipes-support/openldap/openldap_2.4.57.bb b/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
index e3e9caa1b1..1e7e6b3d71 100644
--- a/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
+++ b/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
@@ -24,6 +24,8 @@ SRC_URI = "http://www.openldap.org/software/download/OpenLDAP/openldap-release/$
    file://openldap-CVE-2015-3276.patch \
    file://remove-user-host-pwd-from-version.patch \
    file://CVE-2022-29155.patch \
+    file://CVE-2023-2953-1.patch \
+    file://CVE-2023-2953-2.patch \
 "
 SRC_URI[md5sum] = "e3349456c3a66e5e6155be7ddc3f042c"
 SRC_URI[sha256sum] = "c7ba47e1e6ecb5b436f3d43281df57abeffa99262141aec822628bc220f6b45a"
author	Vijay Anusuri <vanusuri@mvista.com>	2023-06-05 12:47:40 +0530
committer	Armin Kuster <akuster808@gmail.com>	2023-06-23 06:58:18 -0400
commit	d8c29311e5840e0ab18b8767b66f1fe589f86449 (patch)
tree	92131d0cde979a8e80d046306965ec2f2a322700
parent	65efd6873526abbd1138b64bff941dc5f517fa41 (diff)
download	meta-openembedded-d8c29311e5840e0ab18b8767b66f1fe589f86449.tar.gz

diff --git a/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch new file mode 100644 index 0000000000..f4b4eb95d5 --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch
@@ -0,0 +1,30 @@
		1	From 752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce Mon Sep 17 00:00:00 2001
		2	From: Howard Chu <hyc@openldap.org>
		3	Date: Wed, 24 Aug 2022 14:40:51 +0100
		4	Subject: [PATCH] ITS#9904 ldif_open_url: check for ber_strdup failure
		5
		6	Code present since 1999, df8f7cbb9b79be3be9205d116d1dd0b263d6861a
		7
		8	Upstream-Status: Backport [https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce]
		9	CVE: CVE-2023-2953
		10	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
		11	---
		12	libraries/libldap/fetch.c \| 2 ++
		13	1 file changed, 2 insertions(+)
		14
		15	diff --git a/libraries/libldap/fetch.c b/libraries/libldap/fetch.c
		16	index 9e426dc647..536871bcfe 100644
		17	--- a/libraries/libldap/fetch.c
		18	+++ b/libraries/libldap/fetch.c
		19	@@ -69,6 +69,8 @@ ldif_open_url(
		20	}
		21
		22	p = ber_strdup( urlstr );
		23	+ if ( p == NULL )
		24	+ return NULL;
		25
		26	/* But we should convert to LDAP_DIRSEP before use */
		27	if ( LDAP_DIRSEP[0] != '/' ) {
		28	--
		29	GitLab
		30


diff --git a/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch new file mode 100644 index 0000000000..02c43bc445 --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch
@@ -0,0 +1,76 @@
		1	From 6563fab9e2feccb0a684d0398e78571d09fb808b Mon Sep 17 00:00:00 2001
		2	From: Howard Chu <hyc@openldap.org>
		3	Date: Thu, 25 Aug 2022 16:13:21 +0100
		4	Subject: [PATCH] ITS#9904 ldap_url_parsehosts: check for strdup failure
		5
		6	Avoid unnecessary strdup in IPv6 addr parsing, check for strdup
		7	failure when dup'ing scheme.
		8
		9	Code present since 2000, 8da110a9e726dbc612b302feafe0109271e6bc59
		10
		11	Upstream-Status: Backport [https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b]
		12	CVE: CVE-2023-2953
		13	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
		14	---
		15	libraries/libldap/url.c \| 21 ++++++++++++---------
		16	1 file changed, 12 insertions(+), 9 deletions(-)
		17
		18	diff --git a/libraries/libldap/url.c b/libraries/libldap/url.c
		19	index dcf2aac9e8..493fd7ce47 100644
		20	--- a/libraries/libldap/url.c
		21	+++ b/libraries/libldap/url.c
		22	@@ -1385,24 +1385,22 @@ ldap_url_parsehosts(
		23	}
		24	ludp->lud_port = port;
		25	ludp->lud_host = specs[i];
		26	- specs[i] = NULL;
		27	p = strchr(ludp->lud_host, ':');
		28	if (p != NULL) {
		29	/* more than one :, IPv6 address */
		30	if ( strchr(p+1, ':') != NULL ) {
		31	/* allow [address] and [address]:port */
		32	if ( *ludp->lud_host == '[' ) {
		33	- p = LDAP_STRDUP(ludp->lud_host+1);
		34	- /* copied, make sure we free source later */
		35	- specs[i] = ludp->lud_host;
		36	- ludp->lud_host = p;
		37	- p = strchr( ludp->lud_host, ']' );
		38	+ p = strchr( ludp->lud_host+1, ']' );
		39	if ( p == NULL ) {
		40	LDAP_FREE(ludp);
		41	ldap_charray_free(specs);
		42	return LDAP_PARAM_ERROR;
		43	}
		44	- *p++ = '\0';
		45	+ /* Truncate trailing ']' and shift hostname down 1 char */
		46	+ *p = '\0';
		47	+ AC_MEMCPY( ludp->lud_host, ludp->lud_host+1, p - ludp->lud_host );
		48	+ p++;
		49	if ( *p != ':' ) {
		50	if ( *p != '\0' ) {
		51	LDAP_FREE(ludp);
		52	@@ -1428,14 +1426,19 @@ ldap_url_parsehosts(
		53	}
		54	}
		55	}
		56	- ldap_pvt_hex_unescape(ludp->lud_host);
		57	ludp->lud_scheme = LDAP_STRDUP("ldap");
		58	+ if ( ludp->lud_scheme == NULL ) {
		59	+ LDAP_FREE(ludp);
		60	+ ldap_charray_free(specs);
		61	+ return LDAP_NO_MEMORY;
		62	+ }
		63	+ specs[i] = NULL;
		64	+ ldap_pvt_hex_unescape(ludp->lud_host);
		65	ludp->lud_next = *ludlist;
		66	*ludlist = ludp;
		67	}
		68
		69	/* this should be an array of NULLs now */
		70	- /* except entries starting with [ */
		71	ldap_charray_free(specs);
		72	return LDAP_SUCCESS;
		73	}
		74	--
		75	GitLab
		76


diff --git a/meta-oe/recipes-support/openldap/openldap_2.4.57.bb b/meta-oe/recipes-support/openldap/openldap_2.4.57.bb index e3e9caa1b1..1e7e6b3d71 100644 --- a/meta-oe/recipes-support/openldap/openldap_2.4.57.bb +++ b/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
@@ -24,6 +24,8 @@ SRC_URI = "http://www.openldap.org/software/download/OpenLDAP/openldap-release/$
24	file://openldap-CVE-2015-3276.patch \	24	file://openldap-CVE-2015-3276.patch \
25	file://remove-user-host-pwd-from-version.patch \	25	file://remove-user-host-pwd-from-version.patch \
26	file://CVE-2022-29155.patch \	26	file://CVE-2022-29155.patch \
		27	file://CVE-2023-2953-1.patch \
		28	file://CVE-2023-2953-2.patch \
27	"	29	"
28	SRC_URI[md5sum] = "e3349456c3a66e5e6155be7ddc3f042c"	30	SRC_URI[md5sum] = "e3349456c3a66e5e6155be7ddc3f042c"
29	SRC_URI[sha256sum] = "c7ba47e1e6ecb5b436f3d43281df57abeffa99262141aec822628bc220f6b45a"	31	SRC_URI[sha256sum] = "c7ba47e1e6ecb5b436f3d43281df57abeffa99262141aec822628bc220f6b45a"