1
Origin: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=e75c8720191c12db55ab2342fc8f560011c591b8
2
Description: fix for CVE-2011-4079. Also includes the following fix detected
3
by valgrind: d0dd8616f1c68a868afeb8c2c5c09969e366e2c0 (required for this
5
Bug: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7059;selectid=7059
6
Bug-Ubuntu: https://launchpad.net/bugs/884163
8
Index: openldap-2.4.25/servers/slapd/schema_init.c
9
===================================================================
10
--- openldap-2.4.25.orig/servers/slapd/schema_init.c 2011-11-14 13:17:10.000000000 -0600
11
+++ openldap-2.4.25/servers/slapd/schema_init.c 2011-11-14 13:18:58.000000000 -0600
12
@@ -1852,12 +1852,12 @@
14
nvalue.bv_val[nvalue.bv_len] = '\0';
17
+ } else if ( tmp.bv_len ) {
18
/* string of all spaces is treated as one space */
19
nvalue.bv_val[0] = ' ';
20
nvalue.bv_val[1] = '\0';
23
+ } /* should never be entered with 0-length val */
27
@@ -2331,13 +2331,18 @@
29
lines[l].bv_len = &val->bv_val[c] - lines[l].bv_val;
31
- normalized->bv_len = l;
32
+ normalized->bv_len = c = l;
34
- for ( l = 0; !BER_BVISNULL( &lines[l] ); l++ ) {
35
+ for ( l = 0; l <= c; l++ ) {
36
/* NOTE: we directly normalize each line,
37
* without unescaping the values, since the special
38
* values '\24' ('$') and '\5C' ('\') are not affected
40
+ if ( !lines[l].bv_len ) {
41
+ nlines[l].bv_len = 0;
42
+ nlines[l].bv_val = NULL;
45
rc = UTF8StringNormalize( usage, NULL, xmr, &lines[l], &nlines[l], ctx );
46
if ( rc != LDAP_SUCCESS ) {
47
rc = LDAP_INVALID_SYNTAX;
49
normalized->bv_val = slap_sl_malloc( normalized->bv_len + 1, ctx );
51
p = normalized->bv_val;
52
- for ( l = 0; !BER_BVISNULL( &nlines[l] ); l++ ) {
53
+ for ( l = 0; l <= c ; l++ ) {
54
p = lutil_strbvcopy( p, &nlines[l] );