1 files changed, 30 insertions, 0 deletions

diff --git a/meta-oe/recipes-support/openldap/openldap-2.4.40/0001-ITS-8027-require-non-empty-AttributeList.patch b/meta-oe/recipes-support/openldap/openldap-2.4.40/0001-ITS-8027-require-non-empty-AttributeList.patch
new file mode 100644
index 0000000000..91c2178c3f
--- /dev/null
+++ b/meta-oe/recipes-support/openldap/openldap-2.4.40/0001-ITS-8027-require-non-empty-AttributeList.patch
@@ -0,0 +1,30 @@
+From c32e74763f77675b9e144126e375977ed6dc562c Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Mon, 19 Jan 2015 22:25:53 +0000
+Subject: [PATCH] ITS#8027 require non-empty AttributeList
+
+Upstream-Status: Backup
+
+Fix the CVE: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1545
+
+---
+ servers/slapd/overlays/deref.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/servers/slapd/overlays/deref.c b/servers/slapd/overlays/deref.c
+index 9420e3e..05aa890 100644
+--- a/servers/slapd/overlays/deref.c
++++ b/servers/slapd/overlays/deref.c
+@@ -183,7 +183,8 @@ deref_parseCtrl (
+                ber_len_t cnt = sizeof(struct berval);
+                ber_len_t off = 0;
+ 
+-               if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR )
++               if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR
++                       || !cnt )
+                {
+                        rs->sr_text = "Dereference control: derefSpec decoding error";
+                        rs->sr_err = LDAP_PROTOCOL_ERROR;
+-- 
+1.9.1
+