* Re: [oe][meta-oe][dunfell][PATCH] openldap: Fix CVE-2023-2953
[not found] <1765B238F36B7A92.7352@lists.openembedded.org>
@ 2023-06-13 8:24 ` Vijay Anusuri
2023-06-13 13:49 ` Steve Sakoman
2023-06-15 12:27 ` akuster808
0 siblings, 2 replies; 5+ messages in thread
From: Vijay Anusuri @ 2023-06-13 8:24 UTC (permalink / raw)
To: vanusuri, Steve Sakoman; +Cc: openembedded-devel
[-- Attachment #1: Type: text/plain, Size: 7787 bytes --]
Hi Steve,
Any update on this ?
Thanks & Regards,
Vijay
On Mon, Jun 5, 2023 at 12:49 PM Vijay Anusuri via lists.openembedded.org
<vanusuri=mvista.com@lists.openembedded.org> wrote:
> From: Vijay Anusuri <vanusuri@mvista.com>
>
> Upstream-Status: Backport
> [
> https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce
> &
> <https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce&>
>
> https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b
> ]
>
> Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
> ---
> .../openldap/openldap/CVE-2023-2953-1.patch | 30 ++++++++
> .../openldap/openldap/CVE-2023-2953-2.patch | 76 +++++++++++++++++++
> .../openldap/openldap_2.4.57.bb | 2 +
> 3 files changed, 108 insertions(+)
> create mode 100644
> meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch
> create mode 100644
> meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch
>
> diff --git
> a/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch
> b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch
> new file mode 100644
> index 000000000..f4b4eb95d
> --- /dev/null
> +++ b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch
> @@ -0,0 +1,30 @@
> +From 752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce Mon Sep 17 00:00:00 2001
> +From: Howard Chu <hyc@openldap.org>
> +Date: Wed, 24 Aug 2022 14:40:51 +0100
> +Subject: [PATCH] ITS#9904 ldif_open_url: check for ber_strdup failure
> +
> +Code present since 1999, df8f7cbb9b79be3be9205d116d1dd0b263d6861a
> +
> +Upstream-Status: Backport [
> https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce
> ]
> +CVE: CVE-2023-2953
> +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
> +---
> + libraries/libldap/fetch.c | 2 ++
> + 1 file changed, 2 insertions(+)
> +
> +diff --git a/libraries/libldap/fetch.c b/libraries/libldap/fetch.c
> +index 9e426dc647..536871bcfe 100644
> +--- a/libraries/libldap/fetch.c
> ++++ b/libraries/libldap/fetch.c
> +@@ -69,6 +69,8 @@ ldif_open_url(
> + }
> +
> + p = ber_strdup( urlstr );
> ++ if ( p == NULL )
> ++ return NULL;
> +
> + /* But we should convert to LDAP_DIRSEP before use */
> + if ( LDAP_DIRSEP[0] != '/' ) {
> +--
> +GitLab
> +
> diff --git
> a/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch
> b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch
> new file mode 100644
> index 000000000..02c43bc44
> --- /dev/null
> +++ b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch
> @@ -0,0 +1,76 @@
> +From 6563fab9e2feccb0a684d0398e78571d09fb808b Mon Sep 17 00:00:00 2001
> +From: Howard Chu <hyc@openldap.org>
> +Date: Thu, 25 Aug 2022 16:13:21 +0100
> +Subject: [PATCH] ITS#9904 ldap_url_parsehosts: check for strdup failure
> +
> +Avoid unnecessary strdup in IPv6 addr parsing, check for strdup
> +failure when dup'ing scheme.
> +
> +Code present since 2000, 8da110a9e726dbc612b302feafe0109271e6bc59
> +
> +Upstream-Status: Backport [
> https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b
> ]
> +CVE: CVE-2023-2953
> +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
> +---
> + libraries/libldap/url.c | 21 ++++++++++++---------
> + 1 file changed, 12 insertions(+), 9 deletions(-)
> +
> +diff --git a/libraries/libldap/url.c b/libraries/libldap/url.c
> +index dcf2aac9e8..493fd7ce47 100644
> +--- a/libraries/libldap/url.c
> ++++ b/libraries/libldap/url.c
> +@@ -1385,24 +1385,22 @@ ldap_url_parsehosts(
> + }
> + ludp->lud_port = port;
> + ludp->lud_host = specs[i];
> +- specs[i] = NULL;
> + p = strchr(ludp->lud_host, ':');
> + if (p != NULL) {
> + /* more than one :, IPv6 address */
> + if ( strchr(p+1, ':') != NULL ) {
> + /* allow [address] and [address]:port */
> + if ( *ludp->lud_host == '[' ) {
> +- p = LDAP_STRDUP(ludp->lud_host+1);
> +- /* copied, make sure we free
> source later */
> +- specs[i] = ludp->lud_host;
> +- ludp->lud_host = p;
> +- p = strchr( ludp->lud_host, ']' );
> ++ p = strchr( ludp->lud_host+1, ']'
> );
> + if ( p == NULL ) {
> + LDAP_FREE(ludp);
> + ldap_charray_free(specs);
> + return LDAP_PARAM_ERROR;
> + }
> +- *p++ = '\0';
> ++ /* Truncate trailing ']' and shift
> hostname down 1 char */
> ++ *p = '\0';
> ++ AC_MEMCPY( ludp->lud_host,
> ludp->lud_host+1, p - ludp->lud_host );
> ++ p++;
> + if ( *p != ':' ) {
> + if ( *p != '\0' ) {
> + LDAP_FREE(ludp);
> +@@ -1428,14 +1426,19 @@ ldap_url_parsehosts(
> + }
> + }
> + }
> +- ldap_pvt_hex_unescape(ludp->lud_host);
> + ludp->lud_scheme = LDAP_STRDUP("ldap");
> ++ if ( ludp->lud_scheme == NULL ) {
> ++ LDAP_FREE(ludp);
> ++ ldap_charray_free(specs);
> ++ return LDAP_NO_MEMORY;
> ++ }
> ++ specs[i] = NULL;
> ++ ldap_pvt_hex_unescape(ludp->lud_host);
> + ludp->lud_next = *ludlist;
> + *ludlist = ludp;
> + }
> +
> + /* this should be an array of NULLs now */
> +- /* except entries starting with [ */
> + ldap_charray_free(specs);
> + return LDAP_SUCCESS;
> + }
> +--
> +GitLab
> +
> diff --git a/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
> b/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
> index e3e9caa1b..1e7e6b3d7 100644
> --- a/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
> +++ b/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
> @@ -24,6 +24,8 @@ SRC_URI = "
> http://www.openldap.org/software/download/OpenLDAP/openldap-release/$
> file://openldap-CVE-2015-3276.patch \
> file://remove-user-host-pwd-from-version.patch \
> file://CVE-2022-29155.patch \
> + file://CVE-2023-2953-1.patch \
> + file://CVE-2023-2953-2.patch \
> "
> SRC_URI[md5sum] = "e3349456c3a66e5e6155be7ddc3f042c"
> SRC_URI[sha256sum] =
> "c7ba47e1e6ecb5b436f3d43281df57abeffa99262141aec822628bc220f6b45a"
> --
> 2.25.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#103107):
> https://lists.openembedded.org/g/openembedded-devel/message/103107
> Mute This Topic: https://lists.openembedded.org/mt/99335615/7301997
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [
> vanusuri@mvista.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>
[-- Attachment #2: Type: text/html, Size: 11140 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [oe][meta-oe][dunfell][PATCH] openldap: Fix CVE-2023-2953
2023-06-13 8:24 ` [oe][meta-oe][dunfell][PATCH] openldap: Fix CVE-2023-2953 Vijay Anusuri
@ 2023-06-13 13:49 ` Steve Sakoman
2023-06-13 13:59 ` Vijay Anusuri
2023-06-15 12:27 ` akuster808
1 sibling, 1 reply; 5+ messages in thread
From: Steve Sakoman @ 2023-06-13 13:49 UTC (permalink / raw)
To: Vijay Anusuri; +Cc: openembedded-devel, Armin Kuster
On Mon, Jun 12, 2023 at 10:24 PM Vijay Anusuri <vanusuri@mvista.com> wrote:
> Any update on this ?
I'm the maintainer for oe-core and this is a meta-oe patch, so I
believe Armin is the right person for an update :-)
Steve
> On Mon, Jun 5, 2023 at 12:49 PM Vijay Anusuri via lists.openembedded.org <vanusuri=mvista.com@lists.openembedded.org> wrote:
>>
>> From: Vijay Anusuri <vanusuri@mvista.com>
>>
>> Upstream-Status: Backport
>> [https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce
>> &
>> https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b]
>>
>> Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
>> ---
>> .../openldap/openldap/CVE-2023-2953-1.patch | 30 ++++++++
>> .../openldap/openldap/CVE-2023-2953-2.patch | 76 +++++++++++++++++++
>> .../openldap/openldap_2.4.57.bb | 2 +
>> 3 files changed, 108 insertions(+)
>> create mode 100644 meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch
>> create mode 100644 meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch
>>
>> diff --git a/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch
>> new file mode 100644
>> index 000000000..f4b4eb95d
>> --- /dev/null
>> +++ b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch
>> @@ -0,0 +1,30 @@
>> +From 752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce Mon Sep 17 00:00:00 2001
>> +From: Howard Chu <hyc@openldap.org>
>> +Date: Wed, 24 Aug 2022 14:40:51 +0100
>> +Subject: [PATCH] ITS#9904 ldif_open_url: check for ber_strdup failure
>> +
>> +Code present since 1999, df8f7cbb9b79be3be9205d116d1dd0b263d6861a
>> +
>> +Upstream-Status: Backport [https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce]
>> +CVE: CVE-2023-2953
>> +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
>> +---
>> + libraries/libldap/fetch.c | 2 ++
>> + 1 file changed, 2 insertions(+)
>> +
>> +diff --git a/libraries/libldap/fetch.c b/libraries/libldap/fetch.c
>> +index 9e426dc647..536871bcfe 100644
>> +--- a/libraries/libldap/fetch.c
>> ++++ b/libraries/libldap/fetch.c
>> +@@ -69,6 +69,8 @@ ldif_open_url(
>> + }
>> +
>> + p = ber_strdup( urlstr );
>> ++ if ( p == NULL )
>> ++ return NULL;
>> +
>> + /* But we should convert to LDAP_DIRSEP before use */
>> + if ( LDAP_DIRSEP[0] != '/' ) {
>> +--
>> +GitLab
>> +
>> diff --git a/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch
>> new file mode 100644
>> index 000000000..02c43bc44
>> --- /dev/null
>> +++ b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch
>> @@ -0,0 +1,76 @@
>> +From 6563fab9e2feccb0a684d0398e78571d09fb808b Mon Sep 17 00:00:00 2001
>> +From: Howard Chu <hyc@openldap.org>
>> +Date: Thu, 25 Aug 2022 16:13:21 +0100
>> +Subject: [PATCH] ITS#9904 ldap_url_parsehosts: check for strdup failure
>> +
>> +Avoid unnecessary strdup in IPv6 addr parsing, check for strdup
>> +failure when dup'ing scheme.
>> +
>> +Code present since 2000, 8da110a9e726dbc612b302feafe0109271e6bc59
>> +
>> +Upstream-Status: Backport [https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b]
>> +CVE: CVE-2023-2953
>> +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
>> +---
>> + libraries/libldap/url.c | 21 ++++++++++++---------
>> + 1 file changed, 12 insertions(+), 9 deletions(-)
>> +
>> +diff --git a/libraries/libldap/url.c b/libraries/libldap/url.c
>> +index dcf2aac9e8..493fd7ce47 100644
>> +--- a/libraries/libldap/url.c
>> ++++ b/libraries/libldap/url.c
>> +@@ -1385,24 +1385,22 @@ ldap_url_parsehosts(
>> + }
>> + ludp->lud_port = port;
>> + ludp->lud_host = specs[i];
>> +- specs[i] = NULL;
>> + p = strchr(ludp->lud_host, ':');
>> + if (p != NULL) {
>> + /* more than one :, IPv6 address */
>> + if ( strchr(p+1, ':') != NULL ) {
>> + /* allow [address] and [address]:port */
>> + if ( *ludp->lud_host == '[' ) {
>> +- p = LDAP_STRDUP(ludp->lud_host+1);
>> +- /* copied, make sure we free source later */
>> +- specs[i] = ludp->lud_host;
>> +- ludp->lud_host = p;
>> +- p = strchr( ludp->lud_host, ']' );
>> ++ p = strchr( ludp->lud_host+1, ']' );
>> + if ( p == NULL ) {
>> + LDAP_FREE(ludp);
>> + ldap_charray_free(specs);
>> + return LDAP_PARAM_ERROR;
>> + }
>> +- *p++ = '\0';
>> ++ /* Truncate trailing ']' and shift hostname down 1 char */
>> ++ *p = '\0';
>> ++ AC_MEMCPY( ludp->lud_host, ludp->lud_host+1, p - ludp->lud_host );
>> ++ p++;
>> + if ( *p != ':' ) {
>> + if ( *p != '\0' ) {
>> + LDAP_FREE(ludp);
>> +@@ -1428,14 +1426,19 @@ ldap_url_parsehosts(
>> + }
>> + }
>> + }
>> +- ldap_pvt_hex_unescape(ludp->lud_host);
>> + ludp->lud_scheme = LDAP_STRDUP("ldap");
>> ++ if ( ludp->lud_scheme == NULL ) {
>> ++ LDAP_FREE(ludp);
>> ++ ldap_charray_free(specs);
>> ++ return LDAP_NO_MEMORY;
>> ++ }
>> ++ specs[i] = NULL;
>> ++ ldap_pvt_hex_unescape(ludp->lud_host);
>> + ludp->lud_next = *ludlist;
>> + *ludlist = ludp;
>> + }
>> +
>> + /* this should be an array of NULLs now */
>> +- /* except entries starting with [ */
>> + ldap_charray_free(specs);
>> + return LDAP_SUCCESS;
>> + }
>> +--
>> +GitLab
>> +
>> diff --git a/meta-oe/recipes-support/openldap/openldap_2.4.57.bb b/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
>> index e3e9caa1b..1e7e6b3d7 100644
>> --- a/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
>> +++ b/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
>> @@ -24,6 +24,8 @@ SRC_URI = "http://www.openldap.org/software/download/OpenLDAP/openldap-release/$
>> file://openldap-CVE-2015-3276.patch \
>> file://remove-user-host-pwd-from-version.patch \
>> file://CVE-2022-29155.patch \
>> + file://CVE-2023-2953-1.patch \
>> + file://CVE-2023-2953-2.patch \
>> "
>> SRC_URI[md5sum] = "e3349456c3a66e5e6155be7ddc3f042c"
>> SRC_URI[sha256sum] = "c7ba47e1e6ecb5b436f3d43281df57abeffa99262141aec822628bc220f6b45a"
>> --
>> 2.25.1
>>
>>
>> -=-=-=-=-=-=-=-=-=-=-=-
>> Links: You receive all messages sent to this group.
>> View/Reply Online (#103107): https://lists.openembedded.org/g/openembedded-devel/message/103107
>> Mute This Topic: https://lists.openembedded.org/mt/99335615/7301997
>> Group Owner: openembedded-devel+owner@lists.openembedded.org
>> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [vanusuri@mvista.com]
>> -=-=-=-=-=-=-=-=-=-=-=-
>>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [oe][meta-oe][dunfell][PATCH] openldap: Fix CVE-2023-2953
2023-06-13 13:49 ` Steve Sakoman
@ 2023-06-13 13:59 ` Vijay Anusuri
0 siblings, 0 replies; 5+ messages in thread
From: Vijay Anusuri @ 2023-06-13 13:59 UTC (permalink / raw)
To: Steve Sakoman; +Cc: openembedded-devel, Armin Kuster
[-- Attachment #1: Type: text/plain, Size: 8437 bytes --]
Thanks for the update ...!!!
On Tue, Jun 13, 2023 at 7:20 PM Steve Sakoman <steve@sakoman.com> wrote:
> On Mon, Jun 12, 2023 at 10:24 PM Vijay Anusuri <vanusuri@mvista.com>
> wrote:
>
> > Any update on this ?
>
> I'm the maintainer for oe-core and this is a meta-oe patch, so I
> believe Armin is the right person for an update :-)
>
> Steve
>
> > On Mon, Jun 5, 2023 at 12:49 PM Vijay Anusuri via lists.openembedded.org
> <vanusuri=mvista.com@lists.openembedded.org> wrote:
> >>
> >> From: Vijay Anusuri <vanusuri@mvista.com>
> >>
> >> Upstream-Status: Backport
> >> [
> https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce
> >> &
> >>
> https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b
> ]
> >>
> >> Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
> >> ---
> >> .../openldap/openldap/CVE-2023-2953-1.patch | 30 ++++++++
> >> .../openldap/openldap/CVE-2023-2953-2.patch | 76 +++++++++++++++++++
> >> .../openldap/openldap_2.4.57.bb | 2 +
> >> 3 files changed, 108 insertions(+)
> >> create mode 100644
> meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch
> >> create mode 100644
> meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch
> >>
> >> diff --git
> a/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch
> b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch
> >> new file mode 100644
> >> index 000000000..f4b4eb95d
> >> --- /dev/null
> >> +++ b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch
> >> @@ -0,0 +1,30 @@
> >> +From 752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce Mon Sep 17 00:00:00 2001
> >> +From: Howard Chu <hyc@openldap.org>
> >> +Date: Wed, 24 Aug 2022 14:40:51 +0100
> >> +Subject: [PATCH] ITS#9904 ldif_open_url: check for ber_strdup failure
> >> +
> >> +Code present since 1999, df8f7cbb9b79be3be9205d116d1dd0b263d6861a
> >> +
> >> +Upstream-Status: Backport [
> https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce
> ]
> >> +CVE: CVE-2023-2953
> >> +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
> >> +---
> >> + libraries/libldap/fetch.c | 2 ++
> >> + 1 file changed, 2 insertions(+)
> >> +
> >> +diff --git a/libraries/libldap/fetch.c b/libraries/libldap/fetch.c
> >> +index 9e426dc647..536871bcfe 100644
> >> +--- a/libraries/libldap/fetch.c
> >> ++++ b/libraries/libldap/fetch.c
> >> +@@ -69,6 +69,8 @@ ldif_open_url(
> >> + }
> >> +
> >> + p = ber_strdup( urlstr );
> >> ++ if ( p == NULL )
> >> ++ return NULL;
> >> +
> >> + /* But we should convert to LDAP_DIRSEP before use */
> >> + if ( LDAP_DIRSEP[0] != '/' ) {
> >> +--
> >> +GitLab
> >> +
> >> diff --git
> a/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch
> b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch
> >> new file mode 100644
> >> index 000000000..02c43bc44
> >> --- /dev/null
> >> +++ b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch
> >> @@ -0,0 +1,76 @@
> >> +From 6563fab9e2feccb0a684d0398e78571d09fb808b Mon Sep 17 00:00:00 2001
> >> +From: Howard Chu <hyc@openldap.org>
> >> +Date: Thu, 25 Aug 2022 16:13:21 +0100
> >> +Subject: [PATCH] ITS#9904 ldap_url_parsehosts: check for strdup failure
> >> +
> >> +Avoid unnecessary strdup in IPv6 addr parsing, check for strdup
> >> +failure when dup'ing scheme.
> >> +
> >> +Code present since 2000, 8da110a9e726dbc612b302feafe0109271e6bc59
> >> +
> >> +Upstream-Status: Backport [
> https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b
> ]
> >> +CVE: CVE-2023-2953
> >> +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
> >> +---
> >> + libraries/libldap/url.c | 21 ++++++++++++---------
> >> + 1 file changed, 12 insertions(+), 9 deletions(-)
> >> +
> >> +diff --git a/libraries/libldap/url.c b/libraries/libldap/url.c
> >> +index dcf2aac9e8..493fd7ce47 100644
> >> +--- a/libraries/libldap/url.c
> >> ++++ b/libraries/libldap/url.c
> >> +@@ -1385,24 +1385,22 @@ ldap_url_parsehosts(
> >> + }
> >> + ludp->lud_port = port;
> >> + ludp->lud_host = specs[i];
> >> +- specs[i] = NULL;
> >> + p = strchr(ludp->lud_host, ':');
> >> + if (p != NULL) {
> >> + /* more than one :, IPv6 address */
> >> + if ( strchr(p+1, ':') != NULL ) {
> >> + /* allow [address] and [address]:port */
> >> + if ( *ludp->lud_host == '[' ) {
> >> +- p =
> LDAP_STRDUP(ludp->lud_host+1);
> >> +- /* copied, make sure we free
> source later */
> >> +- specs[i] = ludp->lud_host;
> >> +- ludp->lud_host = p;
> >> +- p = strchr( ludp->lud_host, ']'
> );
> >> ++ p = strchr( ludp->lud_host+1,
> ']' );
> >> + if ( p == NULL ) {
> >> + LDAP_FREE(ludp);
> >> +
> ldap_charray_free(specs);
> >> + return LDAP_PARAM_ERROR;
> >> + }
> >> +- *p++ = '\0';
> >> ++ /* Truncate trailing ']' and
> shift hostname down 1 char */
> >> ++ *p = '\0';
> >> ++ AC_MEMCPY( ludp->lud_host,
> ludp->lud_host+1, p - ludp->lud_host );
> >> ++ p++;
> >> + if ( *p != ':' ) {
> >> + if ( *p != '\0' ) {
> >> + LDAP_FREE(ludp);
> >> +@@ -1428,14 +1426,19 @@ ldap_url_parsehosts(
> >> + }
> >> + }
> >> + }
> >> +- ldap_pvt_hex_unescape(ludp->lud_host);
> >> + ludp->lud_scheme = LDAP_STRDUP("ldap");
> >> ++ if ( ludp->lud_scheme == NULL ) {
> >> ++ LDAP_FREE(ludp);
> >> ++ ldap_charray_free(specs);
> >> ++ return LDAP_NO_MEMORY;
> >> ++ }
> >> ++ specs[i] = NULL;
> >> ++ ldap_pvt_hex_unescape(ludp->lud_host);
> >> + ludp->lud_next = *ludlist;
> >> + *ludlist = ludp;
> >> + }
> >> +
> >> + /* this should be an array of NULLs now */
> >> +- /* except entries starting with [ */
> >> + ldap_charray_free(specs);
> >> + return LDAP_SUCCESS;
> >> + }
> >> +--
> >> +GitLab
> >> +
> >> diff --git a/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
> b/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
> >> index e3e9caa1b..1e7e6b3d7 100644
> >> --- a/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
> >> +++ b/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
> >> @@ -24,6 +24,8 @@ SRC_URI = "
> http://www.openldap.org/software/download/OpenLDAP/openldap-release/$
> >> file://openldap-CVE-2015-3276.patch \
> >> file://remove-user-host-pwd-from-version.patch \
> >> file://CVE-2022-29155.patch \
> >> + file://CVE-2023-2953-1.patch \
> >> + file://CVE-2023-2953-2.patch \
> >> "
> >> SRC_URI[md5sum] = "e3349456c3a66e5e6155be7ddc3f042c"
> >> SRC_URI[sha256sum] =
> "c7ba47e1e6ecb5b436f3d43281df57abeffa99262141aec822628bc220f6b45a"
> >> --
> >> 2.25.1
> >>
> >>
> >> -=-=-=-=-=-=-=-=-=-=-=-
> >> Links: You receive all messages sent to this group.
> >> View/Reply Online (#103107):
> https://lists.openembedded.org/g/openembedded-devel/message/103107
> >> Mute This Topic: https://lists.openembedded.org/mt/99335615/7301997
> >> Group Owner: openembedded-devel+owner@lists.openembedded.org
> >> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub
> [vanusuri@mvista.com]
> >> -=-=-=-=-=-=-=-=-=-=-=-
> >>
>
[-- Attachment #2: Type: text/html, Size: 12989 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [oe][meta-oe][dunfell][PATCH] openldap: Fix CVE-2023-2953
2023-06-13 8:24 ` [oe][meta-oe][dunfell][PATCH] openldap: Fix CVE-2023-2953 Vijay Anusuri
2023-06-13 13:49 ` Steve Sakoman
@ 2023-06-15 12:27 ` akuster808
1 sibling, 0 replies; 5+ messages in thread
From: akuster808 @ 2023-06-15 12:27 UTC (permalink / raw)
To: Vijay Anusuri, Steve Sakoman; +Cc: openembedded-devel
its staged in stable/dunfell-nut
- armin
On 6/13/23 4:24 AM, Vijay Anusuri wrote:
> Hi Steve,
>
> Any update on this ?
>
> Thanks & Regards,
> Vijay
>
> On Mon, Jun 5, 2023 at 12:49 PM Vijay Anusuri via
> lists.openembedded.org <http://lists.openembedded.org>
> <vanusuri=mvista.com@lists.openembedded.org> wrote:
>
> From: Vijay Anusuri <vanusuri@mvista.com>
>
> Upstream-Status: Backport
> [https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce
> &
> <https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce&>
> https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b]
>
> Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
> ---
> .../openldap/openldap/CVE-2023-2953-1.patch | 30 ++++++++
> .../openldap/openldap/CVE-2023-2953-2.patch | 76
> +++++++++++++++++++
> .../openldap/openldap_2.4.57.bb <http://openldap_2.4.57.bb>
> | 2 +
> 3 files changed, 108 insertions(+)
> create mode 100644
> meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch
> create mode 100644
> meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch
>
> diff --git
> a/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch
> b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch
> new file mode 100644
> index 000000000..f4b4eb95d
> --- /dev/null
> +++ b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch
> @@ -0,0 +1,30 @@
> +From 752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce Mon Sep 17 00:00:00
> 2001
> +From: Howard Chu <hyc@openldap.org>
> +Date: Wed, 24 Aug 2022 14:40:51 +0100
> +Subject: [PATCH] ITS#9904 ldif_open_url: check for ber_strdup failure
> +
> +Code present since 1999, df8f7cbb9b79be3be9205d116d1dd0b263d6861a
> +
> +Upstream-Status: Backport
> [https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce]
> +CVE: CVE-2023-2953
> +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
> +---
> + libraries/libldap/fetch.c | 2 ++
> + 1 file changed, 2 insertions(+)
> +
> +diff --git a/libraries/libldap/fetch.c b/libraries/libldap/fetch.c
> +index 9e426dc647..536871bcfe 100644
> +--- a/libraries/libldap/fetch.c
> ++++ b/libraries/libldap/fetch.c
> +@@ -69,6 +69,8 @@ ldif_open_url(
> + }
> +
> + p = ber_strdup( urlstr );
> ++ if ( p == NULL )
> ++ return NULL;
> +
> + /* But we should convert to LDAP_DIRSEP before use */
> + if ( LDAP_DIRSEP[0] != '/' ) {
> +--
> +GitLab
> +
> diff --git
> a/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch
> b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch
> new file mode 100644
> index 000000000..02c43bc44
> --- /dev/null
> +++ b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch
> @@ -0,0 +1,76 @@
> +From 6563fab9e2feccb0a684d0398e78571d09fb808b Mon Sep 17 00:00:00
> 2001
> +From: Howard Chu <hyc@openldap.org>
> +Date: Thu, 25 Aug 2022 16:13:21 +0100
> +Subject: [PATCH] ITS#9904 ldap_url_parsehosts: check for strdup
> failure
> +
> +Avoid unnecessary strdup in IPv6 addr parsing, check for strdup
> +failure when dup'ing scheme.
> +
> +Code present since 2000, 8da110a9e726dbc612b302feafe0109271e6bc59
> +
> +Upstream-Status: Backport
> [https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b]
> +CVE: CVE-2023-2953
> +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
> +---
> + libraries/libldap/url.c | 21 ++++++++++++---------
> + 1 file changed, 12 insertions(+), 9 deletions(-)
> +
> +diff --git a/libraries/libldap/url.c b/libraries/libldap/url.c
> +index dcf2aac9e8..493fd7ce47 100644
> +--- a/libraries/libldap/url.c
> ++++ b/libraries/libldap/url.c
> +@@ -1385,24 +1385,22 @@ ldap_url_parsehosts(
> + }
> + ludp->lud_port = port;
> + ludp->lud_host = specs[i];
> +- specs[i] = NULL;
> + p = strchr(ludp->lud_host, ':');
> + if (p != NULL) {
> + /* more than one :, IPv6 address */
> + if ( strchr(p+1, ':') != NULL ) {
> + /* allow [address] and
> [address]:port */
> + if ( *ludp->lud_host == '[' ) {
> +- p =
> LDAP_STRDUP(ludp->lud_host+1);
> +- /* copied, make sure we
> free source later */
> +- specs[i] = ludp->lud_host;
> +- ludp->lud_host = p;
> +- p = strchr(
> ludp->lud_host, ']' );
> ++ p = strchr(
> ludp->lud_host+1, ']' );
> + if ( p == NULL ) {
> + LDAP_FREE(ludp);
> + ldap_charray_free(specs);
> + return
> LDAP_PARAM_ERROR;
> + }
> +- *p++ = '\0';
> ++ /* Truncate trailing ']'
> and shift hostname down 1 char */
> ++ *p = '\0';
> ++ AC_MEMCPY( ludp->lud_host,
> ludp->lud_host+1, p - ludp->lud_host );
> ++ p++;
> + if ( *p != ':' ) {
> + if ( *p != '\0' ) {
> + LDAP_FREE(ludp);
> +@@ -1428,14 +1426,19 @@ ldap_url_parsehosts(
> + }
> + }
> + }
> +- ldap_pvt_hex_unescape(ludp->lud_host);
> + ludp->lud_scheme = LDAP_STRDUP("ldap");
> ++ if ( ludp->lud_scheme == NULL ) {
> ++ LDAP_FREE(ludp);
> ++ ldap_charray_free(specs);
> ++ return LDAP_NO_MEMORY;
> ++ }
> ++ specs[i] = NULL;
> ++ ldap_pvt_hex_unescape(ludp->lud_host);
> + ludp->lud_next = *ludlist;
> + *ludlist = ludp;
> + }
> +
> + /* this should be an array of NULLs now */
> +- /* except entries starting with [ */
> + ldap_charray_free(specs);
> + return LDAP_SUCCESS;
> + }
> +--
> +GitLab
> +
> diff --git a/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
> <http://openldap_2.4.57.bb>
> b/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
> <http://openldap_2.4.57.bb>
> index e3e9caa1b..1e7e6b3d7 100644
> --- a/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
> <http://openldap_2.4.57.bb>
> +++ b/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
> <http://openldap_2.4.57.bb>
> @@ -24,6 +24,8 @@ SRC_URI =
> "http://www.openldap.org/software/download/OpenLDAP/openldap-release/$
> file://openldap-CVE-2015-3276.patch \
> file://remove-user-host-pwd-from-version.patch \
> file://CVE-2022-29155.patch \
> + file://CVE-2023-2953-1.patch \
> + file://CVE-2023-2953-2.patch \
> "
> SRC_URI[md5sum] = "e3349456c3a66e5e6155be7ddc3f042c"
> SRC_URI[sha256sum] =
> "c7ba47e1e6ecb5b436f3d43281df57abeffa99262141aec822628bc220f6b45a"
> --
> 2.25.1
>
>
>
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#103263): https://lists.openembedded.org/g/openembedded-devel/message/103263
> Mute This Topic: https://lists.openembedded.org/mt/99335615/3616698
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [akuster808@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* [oe][meta-oe][dunfell][PATCH] openldap: Fix CVE-2023-2953
@ 2023-06-05 7:17 vanusuri
0 siblings, 0 replies; 5+ messages in thread
From: vanusuri @ 2023-06-05 7:17 UTC (permalink / raw)
To: openembedded-devel; +Cc: Vijay Anusuri
From: Vijay Anusuri <vanusuri@mvista.com>
Upstream-Status: Backport
[https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce
&
https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b]
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
.../openldap/openldap/CVE-2023-2953-1.patch | 30 ++++++++
.../openldap/openldap/CVE-2023-2953-2.patch | 76 +++++++++++++++++++
.../openldap/openldap_2.4.57.bb | 2 +
3 files changed, 108 insertions(+)
create mode 100644 meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch
create mode 100644 meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch
diff --git a/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch
new file mode 100644
index 000000000..f4b4eb95d
--- /dev/null
+++ b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch
@@ -0,0 +1,30 @@
+From 752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Wed, 24 Aug 2022 14:40:51 +0100
+Subject: [PATCH] ITS#9904 ldif_open_url: check for ber_strdup failure
+
+Code present since 1999, df8f7cbb9b79be3be9205d116d1dd0b263d6861a
+
+Upstream-Status: Backport [https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce]
+CVE: CVE-2023-2953
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libraries/libldap/fetch.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libraries/libldap/fetch.c b/libraries/libldap/fetch.c
+index 9e426dc647..536871bcfe 100644
+--- a/libraries/libldap/fetch.c
++++ b/libraries/libldap/fetch.c
+@@ -69,6 +69,8 @@ ldif_open_url(
+ }
+
+ p = ber_strdup( urlstr );
++ if ( p == NULL )
++ return NULL;
+
+ /* But we should convert to LDAP_DIRSEP before use */
+ if ( LDAP_DIRSEP[0] != '/' ) {
+--
+GitLab
+
diff --git a/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch
new file mode 100644
index 000000000..02c43bc44
--- /dev/null
+++ b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-2.patch
@@ -0,0 +1,76 @@
+From 6563fab9e2feccb0a684d0398e78571d09fb808b Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Thu, 25 Aug 2022 16:13:21 +0100
+Subject: [PATCH] ITS#9904 ldap_url_parsehosts: check for strdup failure
+
+Avoid unnecessary strdup in IPv6 addr parsing, check for strdup
+failure when dup'ing scheme.
+
+Code present since 2000, 8da110a9e726dbc612b302feafe0109271e6bc59
+
+Upstream-Status: Backport [https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b]
+CVE: CVE-2023-2953
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ libraries/libldap/url.c | 21 ++++++++++++---------
+ 1 file changed, 12 insertions(+), 9 deletions(-)
+
+diff --git a/libraries/libldap/url.c b/libraries/libldap/url.c
+index dcf2aac9e8..493fd7ce47 100644
+--- a/libraries/libldap/url.c
++++ b/libraries/libldap/url.c
+@@ -1385,24 +1385,22 @@ ldap_url_parsehosts(
+ }
+ ludp->lud_port = port;
+ ludp->lud_host = specs[i];
+- specs[i] = NULL;
+ p = strchr(ludp->lud_host, ':');
+ if (p != NULL) {
+ /* more than one :, IPv6 address */
+ if ( strchr(p+1, ':') != NULL ) {
+ /* allow [address] and [address]:port */
+ if ( *ludp->lud_host == '[' ) {
+- p = LDAP_STRDUP(ludp->lud_host+1);
+- /* copied, make sure we free source later */
+- specs[i] = ludp->lud_host;
+- ludp->lud_host = p;
+- p = strchr( ludp->lud_host, ']' );
++ p = strchr( ludp->lud_host+1, ']' );
+ if ( p == NULL ) {
+ LDAP_FREE(ludp);
+ ldap_charray_free(specs);
+ return LDAP_PARAM_ERROR;
+ }
+- *p++ = '\0';
++ /* Truncate trailing ']' and shift hostname down 1 char */
++ *p = '\0';
++ AC_MEMCPY( ludp->lud_host, ludp->lud_host+1, p - ludp->lud_host );
++ p++;
+ if ( *p != ':' ) {
+ if ( *p != '\0' ) {
+ LDAP_FREE(ludp);
+@@ -1428,14 +1426,19 @@ ldap_url_parsehosts(
+ }
+ }
+ }
+- ldap_pvt_hex_unescape(ludp->lud_host);
+ ludp->lud_scheme = LDAP_STRDUP("ldap");
++ if ( ludp->lud_scheme == NULL ) {
++ LDAP_FREE(ludp);
++ ldap_charray_free(specs);
++ return LDAP_NO_MEMORY;
++ }
++ specs[i] = NULL;
++ ldap_pvt_hex_unescape(ludp->lud_host);
+ ludp->lud_next = *ludlist;
+ *ludlist = ludp;
+ }
+
+ /* this should be an array of NULLs now */
+- /* except entries starting with [ */
+ ldap_charray_free(specs);
+ return LDAP_SUCCESS;
+ }
+--
+GitLab
+
diff --git a/meta-oe/recipes-support/openldap/openldap_2.4.57.bb b/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
index e3e9caa1b..1e7e6b3d7 100644
--- a/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
+++ b/meta-oe/recipes-support/openldap/openldap_2.4.57.bb
@@ -24,6 +24,8 @@ SRC_URI = "http://www.openldap.org/software/download/OpenLDAP/openldap-release/$
file://openldap-CVE-2015-3276.patch \
file://remove-user-host-pwd-from-version.patch \
file://CVE-2022-29155.patch \
+ file://CVE-2023-2953-1.patch \
+ file://CVE-2023-2953-2.patch \
"
SRC_URI[md5sum] = "e3349456c3a66e5e6155be7ddc3f042c"
SRC_URI[sha256sum] = "c7ba47e1e6ecb5b436f3d43281df57abeffa99262141aec822628bc220f6b45a"
--
2.25.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
end of thread, other threads:[~2023-06-15 12:28 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <1765B238F36B7A92.7352@lists.openembedded.org>
2023-06-13 8:24 ` [oe][meta-oe][dunfell][PATCH] openldap: Fix CVE-2023-2953 Vijay Anusuri
2023-06-13 13:49 ` Steve Sakoman
2023-06-13 13:59 ` Vijay Anusuri
2023-06-15 12:27 ` akuster808
2023-06-05 7:17 vanusuri
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.