rpms / 389-ds-base

Clone
Source Code
GIT

Blame SOURCES/0018-CVE-2019-14824-BZ-1748201-deref-plugin-displays-rest.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-armhfp c7-beta c8-beta-stream-1.4 c8-stream-1.4 c8s-stream-1.4 c8s-stream-ds c9 c9-beta
  1.   23263335ebf0cded2bfc5bc2e4fdf293bdd18a30
  2.   SOURCES
  3.   0018-CVE-2019-14824-BZ-1748201-deref-plugin-displays-rest.patch
Blob History Raw
232633 
From 9e244c9344a73af93cc79dd1176ce78971747027 Mon Sep 17 00:00:00 2001
232633 
From: Mark Reynolds <mreynolds@redhat.com>
232633 
Date: Tue, 3 Sep 2019 14:53:09 -0400
232633 
Subject: [PATCH] CVE-2019-14824 (BZ#1748201) - deref plugin displays
232633 
 restricted attributes
232633
232633 
Bug Description:  If there is an ACI that allows "search" access to an attribute,
232633 
                  the deref plugin access control checks sees this is a "read"
232633 
                  privilege and returns the attribute's value.
232633
232633 
Fix description:  For deref plugin we are only concerned with "read" access, not
232633 
                  "search" access.  Removed the SLAPI_ACL_SEARCH right flag when
232633 
                  checking access for an attribute.
232633
232633 
Reviewed by: lkrispen & tbordaz(Thanks!)
232633 
---
232633 
 ldap/servers/plugins/deref/deref.c | 6 +++---
232633 
 1 file changed, 3 insertions(+), 3 deletions(-)
232633
232633 
diff --git a/ldap/servers/plugins/deref/deref.c b/ldap/servers/plugins/deref/deref.c
232633 
index cb5ebb830..ec1884ba3 100644
232633 
--- a/ldap/servers/plugins/deref/deref.c
232633 
+++ b/ldap/servers/plugins/deref/deref.c
232633 
@@ -573,7 +573,7 @@ deref_do_deref_attr(Slapi_PBlock *pb, BerElement *ctrlber, const char *derefdn,
232633 
     Slapi_Entry **entries = NULL;
232633 
     int rc;
232633
232633 
-    /*  If the access check on the attributes is done without retrieveing the entry
232633 
+    /*  If the access check on the attributes is done without retrieving the entry
232633 
  *  it cannot handle acis which need teh entry, eg to apply a targetfilter rule
232633 
  *  So the determination of attrs which can be dereferenced is delayed
232633 
  */
232633 
@@ -596,7 +596,7 @@ deref_do_deref_attr(Slapi_PBlock *pb, BerElement *ctrlber, const char *derefdn,
232633 
                 int ii;
232633 
                 int needattrvals = 1; /* need attrvals sequence? */
232633 
                 if (deref_check_access(pb, entries[0], derefdn, attrs, &retattrs,
232633 
-                                       (SLAPI_ACL_SEARCH | SLAPI_ACL_READ))) {
232633 
+                                       SLAPI_ACL_READ)) {
232633 
                     slapi_log_err(SLAPI_LOG_PLUGIN, DEREF_PLUGIN_SUBSYSTEM,
232633 
                                   "deref_do_deref_attr - The client does not have permission to read the requested "
232633 
                                   "attributes in entry %s\n",
232633 
@@ -714,7 +714,7 @@ deref_pre_entry(Slapi_PBlock *pb)
232633 
         attrs[1] = NULL;
232633
232633 
         if (deref_check_access(pb, ent, NULL, attrs, &retattrs,
232633 
-                               (SLAPI_ACL_SEARCH | SLAPI_ACL_READ))) {
232633 
+                               SLAPI_ACL_READ)) {
232633 
             slapi_log_err(SLAPI_LOG_PLUGIN, DEREF_PLUGIN_SUBSYSTEM,
232633 
                           "deref_pre_entry - The client does not have permission to read attribute %s in entry %s\n",
232633 
                           spec->derefattr, slapi_entry_get_dn_const(ent));
232633 
--
232633 
2.21.0
232633

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation