author | ghen <ghen@pkgsrc.org> | 2006-11-27 12:44:36 +0000 |
---|---|---|
committer | ghen <ghen@pkgsrc.org> | 2006-11-27 12:44:36 +0000 |
commit | f2604541780e15f7152cbc7fca0ffe980c5a733d (patch) | |
tree | dfc4cfc6f47008864ccd5c52438416533a572506 /databases/openldap | |
parent | 1471b23218552cdbefca51d9d16da697c096eabf (diff) | |
download | pkgsrc-f2604541780e15f7152cbc7fca0ffe980c5a733d.tar.gz |
Add a fix for CVE-2006-5779 as openldap/patches/patch-ap, from OpenLDAP CVS.
Bump PKGREVISION for openldap-client and openldap-server.
Diffstat (limited to 'databases/openldap')
-rw-r--r-- | databases/openldap/distinfo | 3 | ||||
-rw-r--r-- | databases/openldap/patches/patch-ap | 34 |
2 files changed, 36 insertions, 1 deletions
diff --git a/databases/openldap/distinfo b/databases/openldap/distinfo
index b0d19ecf614..122f9e621ac 100644
--- a/databases/openldap/distinfo
+++ b/databases/openldap/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.50 2006/08/25 07:02:28 ghen Exp $
+$NetBSD: distinfo,v 1.51 2006/11/27 12:44:36 ghen Exp $
 
 SHA1 (openldap-2.3.27.tgz) = c2b6ac3ec89d0f58d079592946d045dba45edafe
 RMD160 (openldap-2.3.27.tgz) = 8c25c39689daa515f14e88611490ae6d8df0911c
@@ -13,3 +13,4 @@ SHA1 (patch-ak) = 80685a7b46ded94722ea91c2842db424572d6513
 SHA1 (patch-am) = 06c17b10bb8cc091461b82fca2b5d6032b613c78
 SHA1 (patch-an) = f98c6457474247c092dd0a062e86560cc894ec4e
 SHA1 (patch-ao) = 6276a1226689fc3be3ffacbcd8df2e4f3e51d1a0
+SHA1 (patch-ap) = 65173e053006d452eb9b60f51829f45bffe442ae
diff --git a/databases/openldap/patches/patch-ap b/databases/openldap/patches/patch-ap
new file mode 100644
index 00000000000..d7c3310814a
--- /dev/null
+++ b/databases/openldap/patches/patch-ap
@@ -0,0 +1,34 @@
+$NetBSD: patch-ap,v 1.1 2006/11/27 12:44:36 ghen Exp $
+
+Fix for CVE-2006-5779, from OpenLDAP CVS. Versions >= 2.3.29 will have it.
+
+--- libraries/libldap/getdn.c.orig 2006-01-16 20:06:12.000000000 +0100
++++ libraries/libldap/getdn.c
+@@ -2025,7 +2025,7 @@ static int
+ strval2strlen( struct berval *val, unsigned flags, ber_len_t *len )
+ {
+ ber_len_t l, cl = 1;
+- char *p;
++ char *p, *end;
+ int escaped_byte_len = LDAP_DN_IS_PRETTY( flags ) ? 1 : 3;
+ #ifdef PRETTY_ESCAPE
+ int escaped_ascii_len = LDAP_DN_IS_PRETTY( flags ) ? 2 : 3;
+@@ -2039,7 +2039,8 @@ strval2strlen( struct berval *val, unsig
+ return( 0 );
+ }
+
+- for ( l = 0, p = val->bv_val; p < val->bv_val + val->bv_len; p += cl ) {
++ end = val->bv_val + val->bv_len - 1;
++ for ( l = 0, p = val->bv_val; p <= end; p += cl ) {
+
+ /*
+ * escape '%x00'
+@@ -2068,7 +2069,7 @@ strval2strlen( struct berval *val, unsig
+ } else if ( LDAP_DN_NEEDESCAPE( p[ 0 ] )
+ || LDAP_DN_SHOULDESCAPE( p[ 0 ] )
+ || ( p == val->bv_val && LDAP_DN_NEEDESCAPE_LEAD( p[ 0 ] ) )
+- || ( !p[ 1 ] && LDAP_DN_NEEDESCAPE_TRAIL( p[ 0 ] ) ) ) {
++ || ( p == end && LDAP_DN_NEEDESCAPE_TRAIL( p[ 0 ] ) ) ) {
+ #ifdef PRETTY_ESCAPE
+ #if 0
+ if ( LDAP_DN_WILLESCAPE_HEX( flags, p[ 0 ] ) ) { |
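Review bot: In the `@@ -2039,7 +2039,8 @@` part of the embedded getdn.c patch, `end = val->bv_val + val->bv_len - 1;` is an inclusive last-byte pointer, so it is only valid when `bv_len` is non-zero; for an empty value it would point one byte before the buffer. The `return( 0 );` context line just above looks like the empty-value guard, but its condition lies outside the hunk, so I would record the dependency next to the assignment: `/* end = last byte (inclusive); the bv_len == 0 case must have returned above */`. The `@@ -2068,7 +2069,7 @@` part swaps the `!p[ 1 ]` lookahead, which only works for a NUL-terminated value with no embedded NUL, for `p == end`; the rest of the loop body and the end of strval2strlen are not shown, so it is worth confirming that no other read past `bv_len` remains there and that the routine which writes the escaped string applies the same trailing-character test.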