1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
From c32e74763f77675b9e144126e375977ed6dc562c Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Mon, 19 Jan 2015 22:25:53 +0000
Subject: [PATCH] ITS#8027 require non-empty AttributeList
Upstream-Status: Backup
Fix the CVE: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1545
---
servers/slapd/overlays/deref.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/servers/slapd/overlays/deref.c b/servers/slapd/overlays/deref.c
index 9420e3e..05aa890 100644
--- a/servers/slapd/overlays/deref.c
+++ b/servers/slapd/overlays/deref.c
@@ -183,7 +183,8 @@ deref_parseCtrl (
ber_len_t cnt = sizeof(struct berval);
ber_len_t off = 0;
- if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR )
+ if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR
+ || !cnt )
{
rs->sr_text = "Dereference control: derefSpec decoding error";
rs->sr_err = LDAP_PROTOCOL_ERROR;
--
1.9.1
|
