Add patch from OpenLDAP GIT repository to fix CVE-2013-4449 (SA55238).

2 files changed, 26 insertions, 1 deletions

diff --git a/databases/openldap/distinfo b/databases/openldap/distinfo
index 47e822837fc..4e5207e5515 100644
--- a/databases/openldap/distinfo
+++ b/databases/openldap/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.94 2014/01/28 20:18:08 adam Exp $
+$NetBSD: distinfo,v 1.95 2014/05/09 08:12:00 tron Exp $
 
 SHA1 (openldap-2.4.39.tgz) = 2b8e8401214867c361f7212e7058f95118b5bd6c
 RMD160 (openldap-2.4.39.tgz) = da68043bd38e9d58811599d43bfdbc8f6c9b6f58
@@ -18,3 +18,4 @@ SHA1 (patch-contrib_slapd-modules_nops_slapo-nops.5) = f32352f19361b7e9aa5b038ae
 SHA1 (patch-da) = 880b25a9266ee057f7269c5be46ef3c3fecf16b4
 SHA1 (patch-dd) = 9c74118ff0b2232bda729c9917082fceef41dd16
 SHA1 (patch-de) = be3833817205483b62cf3216b27f53a951621198
+SHA1 (patch-libraries_librewrite_session.c) = e698d168556750ea790c563d439dd2fd8c87038e
diff --git a/databases/openldap/patches/patch-libraries_librewrite_session.c b/databases/openldap/patches/patch-libraries_librewrite_session.c
new file mode 100644
index 00000000000..905861bc43d
--- /dev/null
+++ b/databases/openldap/patches/patch-libraries_librewrite_session.c
@@ -0,0 +1,24 @@
+$NetBSD: patch-libraries_librewrite_session.c,v 1.1 2014/05/09 08:12:00 tron Exp $
+
+Fix for CVE-2013-4449 taken from the OpenLDA GIT repository:
+
+http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=59688044386dfeee0c837a15133f4e878f1bb661
+
+--- libraries/librewrite/session.c.orig	2014-01-25 13:36:15.000000000 +0000
++++ libraries/librewrite/session.c	2014-05-09 09:03:51.000000000 +0100
+@@ -161,6 +161,7 @@
+ #ifdef USE_REWRITE_LDAP_PVT_THREADS
+ 	if ( session ) {
+ 		ldap_pvt_thread_mutex_lock( &session->ls_mutex );
++		session->ls_count++;
+ 	}
+ 	ldap_pvt_thread_rdwr_runlock( &info->li_cookies_mutex );
+ #endif /* USE_REWRITE_LDAP_PVT_THREADS */
+@@ -178,6 +179,7 @@
+ )
+ {
+ 	assert( session != NULL );
++	session->ls_count--;
+ 	ldap_pvt_thread_mutex_unlock( &session->ls_mutex );
+ }
+