diff --git a/SOURCES/0098-Bug-1123477-unauthenticated-information-disclosure.patch b/SOURCES/0098-Bug-1123477-unauthenticated-information-disclosure.patch
new file mode 100644
index 0000000..5162ece
--- /dev/null
+++ b/SOURCES/0098-Bug-1123477-unauthenticated-information-disclosure.patch
@@ -0,0 +1,103 @@
+From 394277fdcef70078b54a280de88ab06dd289cc7a Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi
+Date: Mon, 28 Jul 2014 09:42:43 -0700
+Subject: [PATCH] Bug 1123477 - unauthenticated information disclosure
+
+Fix Description: nscpentrywsi is returned only authenticated as root.
+The bug was fixed by lkrispen@redhat.com (Ludwig Krispenz).
+His patch was modified based upon this review comment.
+https://bugzilla.redhat.com/show_bug.cgi?id=1123477#c2
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1123864
+
+(cherry picked from commit aa90e26d5c4ea47b2a4a22f99cf0742cf48b3fae)
+---
+ ldap/servers/slapd/computed.c | 17 +++++++++++++++--
+ ldap/servers/slapd/entrywsi.c | 2 +-
+ ldap/servers/slapd/slapi-plugin.h | 1 +
+ 3 files changed, 17 insertions(+), 3 deletions(-)
+
+diff --git a/ldap/servers/slapd/computed.c b/ldap/servers/slapd/computed.c
+index 7c99b45..7a80c96 100644
+--- a/ldap/servers/slapd/computed.c
++++ b/ldap/servers/slapd/computed.c
+@@ -59,6 +59,7 @@ struct _computed_attr_context {
+ struct _compute_evaluator {
+ struct _compute_evaluator *next;
+ slapi_compute_callback_t function;
++ int rootonly;
+ };
+ typedef struct _compute_evaluator compute_evaluator;
+ 
+@@ -95,6 +96,13 @@ int compute_call_evaluators_nolock(computed_attr_context *c,slapi_compute_output
+ compute_evaluator *current = NULL;
+ 
+ for (current = compute_evaluators; (current != NULL) && (-1 == rc); current = current->next) {
++ if (current->rootonly) {
++ int isroot;
++ slapi_pblock_get(c->pb, SLAPI_REQUESTOR_ISROOT, &isroot);
++ if (!isroot) {
++ continue;
++ }
++ }
+ rc = (*(current->function))(c,type,e,outfn);
+ }
+ return rc;
+@@ -157,14 +165,19 @@ compute_stock_evaluator(computed_attr_context *c,char* type,Slapi_Entry *e,slapi
+ }
+ 
+ static void
+-compute_add_evaluator_nolock(slapi_compute_callback_t function, compute_evaluator *new_eval)
++compute_add_evaluator_nolock(slapi_compute_callback_t function, compute_evaluator *new_eval, int rootonly)
+ {
+ new_eval->next = compute_evaluators;
+ new_eval->function = function;
++ new_eval->rootonly = rootonly;
+ compute_evaluators = new_eval;
+ }
+ int slapi_compute_add_evaluator(slapi_compute_callback_t function)
+ {
++ return slapi_compute_add_evaluator_ext(function, 0);
++}
++int slapi_compute_add_evaluator_ext(slapi_compute_callback_t function, int rootonly)
++{
+ int rc = 0;
+ compute_evaluator *new_eval = NULL;
+ PR_ASSERT(NULL != function);
+@@ -187,7 +200,7 @@ int slapi_compute_add_evaluator(slapi_compute_callback_t function)
+ slapi_rwlock_wrlock(compute_evaluators_lock);
+ }
+ 
+- compute_add_evaluator_nolock(function, new_eval);
++ compute_add_evaluator_nolock(function, new_eval, rootonly);
+ 
+ if (need_lock) {
+ slapi_rwlock_unlock(compute_evaluators_lock);
+diff --git a/ldap/servers/slapd/entrywsi.c b/ldap/servers/slapd/entrywsi.c
+index 248a41f..0c01681 100644
+--- a/ldap/servers/slapd/entrywsi.c
++++ b/ldap/servers/slapd/entrywsi.c
+@@ -898,7 +898,7 @@ entry_compute_nscpentrywsi(computed_attr_context *c,char* type,Slapi_Entry *e,sl
+ int
+ entry_computed_attr_init()
+ {
+- slapi_compute_add_evaluator(entry_compute_nscpentrywsi);
++ slapi_compute_add_evaluator_ext(entry_compute_nscpentrywsi, 1 /* root only */);
+ return 0;
+ }
+ 
+diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
+index d8cfe33..e1cadbc 100644
+--- a/ldap/servers/slapd/slapi-plugin.h
++++ b/ldap/servers/slapd/slapi-plugin.h
+@@ -6038,6 +6038,7 @@ typedef int (*slapi_compute_output_t)(computed_attr_context *c,Slapi_Attr *a , S
+ typedef int (*slapi_compute_callback_t)(computed_attr_context *c,char* type,Slapi_Entry *e,slapi_compute_output_t outputfn);
+ typedef int (*slapi_search_rewrite_callback_t)(Slapi_PBlock *pb);
+ int slapi_compute_add_evaluator(slapi_compute_callback_t function);
++int slapi_compute_add_evaluator_ext(slapi_compute_callback_t function, int rootonly);
+ int slapi_compute_add_search_rewriter(slapi_search_rewrite_callback_t function);
+ int compute_rewrite_search_filter(Slapi_PBlock *pb);
+ 
+-- 
+1.8.1.4
+
diff --git a/SPECS/389-ds-base.spec b/SPECS/389-ds-base.spec
index 3403b76..e69b32a 100644
--- a/SPECS/389-ds-base.spec
+++ b/SPECS/389-ds-base.spec
@@ -25,7 +25,7 @@
 Summary: 389 Directory Server (base)
 Name: 389-ds-base
 Version: 1.3.1.6
-Release: %{?relprefix}25%{?prerel}%{?dist}
+Release: %{?relprefix}26%{?prerel}%{?dist}
 License: GPLv2 with exceptions
 URL: http://port389.org/
 Group: System Environment/Daemons
@@ -211,6 +211,7 @@ Patch93: 0094-Ticket-47735-e_uniqueid-fails-to-set-if-an-entry-is-.patc
 Patch94: 0095-Ticket-47739-directory-server-is-insecurely-misinter.patch
 Patch95: 0096-Ticket-47735-e_uniqueid-fails-to-set-if-an-entry-is-.patch
 Patch96: 0097-Ticket-47759-Crash-in-replication-when-server-is-und.patch
+Patch97: 0098-Bug-1123477-unauthenticated-information-disclosure.patch
 %description
 389 Directory Server is an LDAPv3 compliant server. The base package includes
@@ -358,6 +359,7 @@ cp %{SOURCE2} README.devel
 %patch94 -p1
 %patch95 -p1
 %patch96 -p1
+%patch97 -p1
 %build
 %if %{use_openldap}
@@ -509,6 +511,11 @@ fi
 %{_libdir}/%{pkgname}/libns-dshttpd.so*
 %changelog
+* Mon Jul 28 2014 Noriko Hosoi - 1.3.1.6-26
+- release 1.3.1.6-26
+- Resolves: #1123864
+ EMBARGOED CVE-2014-3562 389-ds-base: 389-ds: unauthenticated information disclosure [rhel-7.0.z] (BZ 1123477)
+
 * Thu Mar 31 2014 Noriko Hosoi - 1.3.1.6-25
 - release 1.3.1.6-25
 - Resolves: bug 1082740 - ns-slapd crash in reliability 15
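Review bot: In the new root-only gate inside compute_call_evaluators_nolock (the `if (current->rootonly)` block in the computed.c hunk), `isroot` is declared without an initializer and the return value of `slapi_pblock_get(c->pb, SLAPI_REQUESTOR_ISROOT, &isroot)` is discarded, so if that lookup fails (for instance a context whose pb is not set, if that can occur here) the `if (!isroot)` test reads an indeterminate value and the nscpentrywsi evaluator may still run for an unauthenticated requester, which is exactly the case this patch is meant to close. An authorization check should fail closed: `int isroot = 0;` and `if (slapi_pblock_get(c->pb, SLAPI_REQUESTOR_ISROOT, &isroot) != 0 || !isroot) { continue; }`, assuming the usual non-zero-on-failure return convention of slapi_pblock_get. The lookup is also loop-invariant and could be performed once before the `for`, though that is a minor point. The new public prototype `slapi_compute_add_evaluator_ext` in slapi-plugin.h would benefit from a one-line comment, e.g. `/* rootonly != 0: the evaluator is invoked only when SLAPI_REQUESTOR_ISROOT is set for the requesting connection */`. The declaration of compute_call_evaluators_nolock and the remainder of its body lie outside the hunk.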