From d41352806f44c47a9e99f9eb1b0bdfef7b0aa4f4 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Tue, 25 Jan 2022 12:27:02 -0500
Subject: [PATCH] Bug 2027783 - CVE-2021-4091 389-ds-base: double-free of the
 virtual attribute context in persistent search

Description:  Fix double free.  The double free is related to
persistent search req.   It was introduced with i
https://pagure.io/389-ds-base/issue/49097

Reviewed by: mreynolds, progier, jchapman
---
 ldap/servers/slapd/pblock.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
index 94e7c0ab7..56bbfc92e 100644
--- a/ldap/servers/slapd/pblock.c
+++ b/ldap/servers/slapd/pblock.c
@@ -330,6 +330,8 @@ slapi_pblock_clone(Slapi_PBlock *pb)
     if (pb->pb_intplugin != NULL) {
         _pblock_assert_pb_intplugin(new_pb);
         *(new_pb->pb_intplugin) = *(pb->pb_intplugin);
+        /* Make sure that only the cloned pblock refers to vattr_context */
+        pb->pb_intplugin->pb_vattr_context = NULL;
     }
     if (pb->pb_deprecated != NULL) {
         _pblock_assert_pb_deprecated(new_pb);
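Review bot: In the pb_intplugin branch, the added `pb->pb_intplugin->pb_vattr_context = NULL;` makes slapi_pblock_clone write to its source argument, so the function now transfers ownership of the vattr context instead of producing an independent copy, and nothing in the visible lines tells callers that. Please state this in the function's header comment (the in-line comment only says which pblock keeps the reference) and confirm that no caller reads the original pb's vattr context after cloning, since it will now see NULL. The struct assignment on the line above copies every member of pb_intplugin by value, so any other pointer member that both pblocks would free remains shared; it is worth confirming that pb_vattr_context is the only one with that lifetime.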
-- 
2.31.1