~ius-coredev/ius/openldap24

« back to all changes in this revision

Viewing changes to SOURCES/openldap-cve-ndb-bind-rootdn.patch

Committer: Jeffrey Ness
Date: 2012-08-15 18:21:06 UTC
Revision ID: jeffrey.ness@rackspace.com-20120815182106-fifa0yp2oe0u3tsw

first

files added:

SOURCES

SOURCES/README.evolution

SOURCES/ldap.conf

SOURCES/ldap.init

SOURCES/ldap.sysconfig

SOURCES/libexec-create-certdb.sh

SOURCES/libexec-generate-server-cert.sh

SOURCES/openldap-2.4.32.tgz

SOURCES/openldap-bypass-checks-on-ops-with-managedsait.patch

SOURCES/openldap-cacertdir-hash-only.patch

SOURCES/openldap-clients-crash-password-args.patch

SOURCES/openldap-constraint-count.patch

SOURCES/openldap-constraint-overlay-config.patch

SOURCES/openldap-cve-ndb-bind-rootdn.patch

SOURCES/openldap-cve-ppolicy-forward-updates.patch

SOURCES/openldap-cve-relay-rwm-translucent.patch

SOURCES/openldap-dds-overlay-tolerance.patch

SOURCES/openldap-dns-priority.patch

SOURCES/openldap-evolution-ntlm.patch

SOURCES/openldap-export-ldif.patch

SOURCES/openldap-improve-trace-messages.patch

SOURCES/openldap-invalid-sockets.patch

SOURCES/openldap-ldaprc-currentdir.patch

SOURCES/openldap-man-clients-missing-options.patch

SOURCES/openldap-man-nss-tls-options.patch

SOURCES/openldap-man-sasl-nocanon.patch

SOURCES/openldap-man-slapo-unique.patch

SOURCES/openldap-manpages.patch

SOURCES/openldap-memberof-disallow-global.patch

SOURCES/openldap-memleak-def_urlpre.patch

SOURCES/openldap-memleak-referrals.patch

SOURCES/openldap-nss-allow-ca-dbdir-pemfile.patch

SOURCES/openldap-nss-ca-selfsigned.patch

SOURCES/openldap-nss-can-ignore-expired-issuer.patch

SOURCES/openldap-nss-cipher-suites.patch

SOURCES/openldap-nss-db-prefix.patch

SOURCES/openldap-nss-deferred-init-copy-params.patch

SOURCES/openldap-nss-delay-token-auth.patch

SOURCES/openldap-nss-disable-nofork.patch

SOURCES/openldap-nss-free-peer-cert.patch

SOURCES/openldap-nss-handshake-threadsafe.patch

SOURCES/openldap-nss-init-threadsafe.patch

SOURCES/openldap-nss-memleak-free-certs.patch

SOURCES/openldap-nss-no-certkey-segfault.patch

SOURCES/openldap-nss-non-blocking.patch

SOURCES/openldap-nss-reqcert-hostname.patch

SOURCES/openldap-nss-reqcert.patch

SOURCES/openldap-nss-restart-modules-fork.patch

SOURCES/openldap-nss-verifycert.patch

SOURCES/openldap-nss-wildcards.patch

SOURCES/openldap-reentrant-gethostby.patch

SOURCES/openldap-refint-overlay-nothing.patch

SOURCES/openldap-reject-non-file-keyfiles.patch

SOURCES/openldap-security-dos-empty-modrdn.patch

SOURCES/openldap-security-pie.patch

SOURCES/openldap-segfault-ldif-indent.patch

SOURCES/openldap-segfault-ldif-nl-end.patch

SOURCES/openldap-slapadd-hang.patch

SOURCES/openldap-smbk5pwd-overlay.patch

SOURCES/openldap-sql-datatypes.patch

SOURCES/openldap-sql-linking.patch

SOURCES/openldap-use-cacert-dir-and-file.patch

SOURCES/openldap-userconfig-setgid.patch

SOURCES/openldap-verify-self-issued-certs.patch

SOURCES/slapd.conf

SOURCES/slapd.portreserve

SPECS

SPECS/openldap24.spec

Show diffs side-by-side

added added

removed removed

SOURCES/openldap-cve-ndb-bind-rootdn.patch

(CVE-2011-1025) CVE-2011-1025 openldap: rootpw is not verified with slapd.conf

Resolves: #680472 (tracker)

Upstream ITS: #6661

Upstream patch: http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ndb/bind.cpp.diff?r1=1.5&r2=1.8

diff -uNPrp openldap-2.4.23/servers/slapd/back-ndb/bind.cpp openldap-2.4.23.fix/servers/slapd/back-ndb/bind.cpp

--- openldap-2.4.23/servers/slapd/back-ndb/bind.cpp 2010-04-13 22:23:34.000000000 +0200

+++ openldap-2.4.23.fix/servers/slapd/back-ndb/bind.cpp 2011-02-28 15:05:48.014126213 +0100

@@ -43,11 +43,13 @@ ndb_back_bind( Operation *op, SlapReply

/* allow noauth binds */

switch ( be_rootdn_bind( op, NULL ) ) {

- case SLAP_CB_CONTINUE:

- break;

+ case LDAP_SUCCESS:

+ /* frontend will send result */

+ return rs->sr_err = LDAP_SUCCESS;

default:

- return rs->sr_err;

+ /* give the database a chance */

+ break;

}

/* Get our NDB handle */

Older »