diff options
Diffstat (limited to 'gnu/packages/patches/openldap-CVE-2017-9287.patch')
-rw-r--r-- | gnu/packages/patches/openldap-CVE-2017-9287.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/gnu/packages/patches/openldap-CVE-2017-9287.patch b/gnu/packages/patches/openldap-CVE-2017-9287.patch new file mode 100644 index 0000000000..5ca2a60c60 --- /dev/null +++ b/gnu/packages/patches/openldap-CVE-2017-9287.patch @@ -0,0 +1,37 @@ +Fix CVE-2017-9287: + +https://www.openldap.org/its/?findid=8655 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9287 + +Patch copied from upstream source repository: + +https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e + +From 0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e Mon Sep 17 00:00:00 2001 +From: Ryan Tandy <ryan@nardis.ca> +Date: Wed, 17 May 2017 20:07:39 -0700 +Subject: [PATCH] ITS#8655 fix double free on paged search with pagesize 0 + +Fixes a double free when a search includes the Paged Results control +with a page size of 0 and the search base matches the filter. +--- + servers/slapd/back-mdb/search.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/servers/slapd/back-mdb/search.c b/servers/slapd/back-mdb/search.c +index 301d1a498c..43442aa242 100644 +--- a/servers/slapd/back-mdb/search.c ++++ b/servers/slapd/back-mdb/search.c +@@ -1066,7 +1066,8 @@ notfound: + /* check size limit */ + if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) { + if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size ) { +- mdb_entry_return( op, e ); ++ if (e != base) ++ mdb_entry_return( op, e ); + e = NULL; + send_paged_response( op, rs, &lastid, tentries ); + goto done; +-- +2.13.0 + |