From 9fc7556a244d50085e5b3e4cf57024e6488f45e1 Mon Sep 17 00:00:00 2001
From: tonnerre
Date: Thu, 3 Jul 2008 22:14:50 +0000
Subject: Add patch to fix a libBER Denial of Service in OpenLDAP. (CVE-2008-2952)

---
 databases/openldap-client/Makefile | 3 ++-
 databases/openldap/distinfo | 3 ++-
 databases/openldap/patches/patch-aa | 23 +++++++++++++++++++++++
 3 files changed, 27 insertions(+), 2 deletions(-)
 create mode 100644 databases/openldap/patches/patch-aa

diff --git a/databases/openldap-client/Makefile b/databases/openldap-client/Makefile
index 2cc67d810ad..395c1d0834d 100644
--- a/databases/openldap-client/Makefile
+++ b/databases/openldap-client/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.8 2008/02/24 20:15:05 ghen Exp $
+# $NetBSD: Makefile,v 1.9 2008/07/03 22:14:50 tonnerre Exp $
 PKGNAME= ${DISTNAME:S/-/-client-/}
 COMMENT= Lightweight Directory Access Protocol libraries and client programs
+PKGREVISION= 1
 CONFLICTS+= openldap<2.3.23nb1
diff --git a/databases/openldap/distinfo b/databases/openldap/distinfo
index e53369bdf75..aeb1347a1be 100644
--- a/databases/openldap/distinfo
+++ b/databases/openldap/distinfo
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.63 2008/06/09 09:07:38 ghen Exp $
+$NetBSD: distinfo,v 1.64 2008/07/03 22:14:50 tonnerre Exp $
 SHA1 (openldap-2.4.9.tgz) = 7c63d8552fd97e2e2e20310ef8c75e0202a624ee
 RMD160 (openldap-2.4.9.tgz) = bd6f9a4cf0d36c7def4ee002f2a2b445a8a1e711
 Size (openldap-2.4.9.tgz) = 4440456 bytes
+SHA1 (patch-aa) = 8c5c68ef53decb013114d606698cbd8a1c1b4e49
 SHA1 (patch-ac) = 905b08c4dea8c61e044ccf66d6af22cc685a3ccc
 SHA1 (patch-ad) = 24e7ec27d592dd76bdec1e4805801c5304951daf
 SHA1 (patch-af) = 1ae9137e76e885e03d0f44727197a444893ec7c5
diff --git a/databases/openldap/patches/patch-aa b/databases/openldap/patches/patch-aa
new file mode 100644
index 00000000000..fb76e2d2cc8
--- /dev/null
+++ b/databases/openldap/patches/patch-aa
@@ -0,0 +1,23 @@
+$NetBSD: patch-aa,v 1.10 2008/07/03 22:14:50 tonnerre Exp $
+
+--- libraries/liblber/io.c.orig 2008-02-12 00:26:41.000000000 +0100
++++ libraries/liblber/io.c
+@@ -584,13 +584,11 @@ ber_get_next(
+ return LBER_DEFAULT;
+ }
+ /* Not enough bytes? */
+- if (ber->ber_rwptr - (char *)p < llen) {
+-#if defined( EWOULDBLOCK )
+- sock_errset(EWOULDBLOCK);
+-#elif defined( EAGAIN )
+- sock_errset(EAGAIN);
+-#endif
+- return LBER_DEFAULT;
++ i = ber->ber_rwptr - (char *)p;
++ if (i < llen) {
++ sblen=ber_int_sb_read( sb, ber->ber_rwptr, i );
++ if (sblenber_rwptr += sblen;
+ }
+ for (i=0; i
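Review bot: The new read inside the `if (i < llen)` branch asks `ber_int_sb_read` for `i` bytes, but `i` was just set to `ber->ber_rwptr - (char *)p`, the number of length bytes already in the buffer, whereas the quantity still missing (the old "Not enough bytes?" test compared that same difference against `llen`) is `llen - i`; unless `i` is reassigned in text this page has lost, the call should be `sblen=ber_int_sb_read( sb, ber->ber_rwptr, llen-i );` with the short-read test on the same quantity. Passing `i` under-reads when fewer than half the length bytes have arrived and over-reads past the length octets otherwise, and the `for (i=0; i` loop that follows appears to parse `llen` bytes from that buffer regardless, so the argument matters for correctness of the length decode, not just for blocking behaviour. The lines after the read are garbled in this listing (`if (sblenber_rwptr += sblen;`, and the `for` header is cut off), consistent with `<` sequences having been swallowed as HTML tags, so whether a partial read still sets the EWOULDBLOCK/EAGAIN errno the removed lines set, and whether `ber_rwptr` is advanced by the partial count before `LBER_DEFAULT` is returned, cannot be confirmed here and should be checked against the patch file itself. The enclosing ber_get_next body starts before and continues past this hunk.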