diff --git a/SOURCES/openldap-ITS-9383-remove-assert-in-certificateListValidate.patch b/SOURCES/openldap-ITS-9383-remove-assert-in-certificateListValidate.patch new file mode 100644 index 0000000..4e863d6 --- /dev/null +++ b/SOURCES/openldap-ITS-9383-remove-assert-in-certificateListValidate.patch @@ -0,0 +1,26 @@ +From 67670f4544e28fb09eb7319c39f404e1d3229e65 Mon Sep 17 00:00:00 2001 +From: Howard Chu +Date: Mon, 2 Nov 2020 13:12:10 +0000 +Subject: [PATCH] ITS#9383 remove assert in certificateListValidate + +--- + servers/slapd/schema_init.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c +index ea0d67aa62..28f9e71a16 100644 +--- a/servers/slapd/schema_init.c ++++ b/servers/slapd/schema_init.c +@@ -371,8 +371,7 @@ certificateListValidate( Syntax *syntax, struct berval *in ) + /* Optional version */ + if ( tag == LBER_INTEGER ) { + tag = ber_get_int( ber, &version ); +- assert( tag == LBER_INTEGER ); +- if ( version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX; ++ if ( tag != LBER_INTEGER || version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX; + } + tag = ber_skip_tag( ber, &len ); /* Signature Algorithm */ + if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX; +-- +GitLab + diff --git a/SOURCES/openldap-ITS-9384-remove-assert-in-obsolete-csnNormalize23.patch b/SOURCES/openldap-ITS-9384-remove-assert-in-obsolete-csnNormalize23.patch new file mode 100644 index 0000000..4480922 --- /dev/null +++ b/SOURCES/openldap-ITS-9384-remove-assert-in-obsolete-csnNormalize23.patch @@ -0,0 +1,27 @@ +From bdb0d459187522a6063df13871b82ba8dcc6efe2 Mon Sep 17 00:00:00 2001 +From: Howard Chu +Date: Mon, 2 Nov 2020 16:01:14 +0000 +Subject: [PATCH] ITS#9384 remove assert in obsolete csnNormalize23() + +--- + servers/slapd/schema_init.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c +index 5812bc4b66..ea0d67aa62 100644 +--- a/servers/slapd/schema_init.c ++++ b/servers/slapd/schema_init.c +@@ -5327,8 +5327,8 @@ csnNormalize23( + } + *ptr = '\0'; + +- assert( ptr == &bv.bv_val[bv.bv_len] ); +- if ( csnValidate( syntax, &bv ) != LDAP_SUCCESS ) { ++ if ( ptr != &bv.bv_val[bv.bv_len] || ++ csnValidate( syntax, &bv ) != LDAP_SUCCESS ) { + return LDAP_INVALID_SYNTAX; + } + +-- +GitLab + diff --git a/SPECS/openldap.spec b/SPECS/openldap.spec index 81dcc70..4a9b3df 100644 --- a/SPECS/openldap.spec +++ b/SPECS/openldap.spec @@ -5,7 +5,7 @@ Name: openldap Version: 2.4.44 -Release: 24%{?dist} +Release: 25%{?dist} Summary: LDAP support libraries Group: System Environment/Daemons License: OpenLDAP @@ -58,6 +58,8 @@ Patch37: openldap-ITS8655-fix-double-free-on-paged-search-with-pagesize-0.patch Patch38: openldap-ITS8720-back-ldap-starttls-timeout.patch Patch39: openldap-ITS-9202-limit-depth-of-nested-filters.patch Patch40: openldap-ITS-9370-check-for-equality-rule-on-old_rdn.patch +Patch41: openldap-ITS-9383-remove-assert-in-certificateListValidate.patch +Patch42: openldap-ITS-9384-remove-assert-in-obsolete-csnNormalize23.patch # fixes for DH and ECDH Patch50: openldap-openssl-its7506-fix-DH-params-1.patch @@ -190,6 +192,8 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi %patch38 -p1 %patch39 -p1 %patch40 -p1 +%patch41 -p1 +%patch42 -p1 %patch50 -p1 %patch51 -p1 %patch52 -p1 @@ -681,6 +685,10 @@ exit 0 %{_mandir}/man3/* %changelog +* Wed Jan 19 2022 Simon Pichugin - 2.4.44-25 +- Fix CVE-2020-25709 openldap: assertion failure in Certificate List syntax validation (#2040539) +- Fix CVE-2020-25710 openldap: assertion failure in CSN normalization with invalid input (#2040538) + * Wed Aug 4 2021 Simon Pichugin - 2.4.44-24 - CLDAP ldap_result hangs if nobody listens on the port (#1989919)