path: root/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch
blob: f4b4eb95d5bb1383e61f26c6891344058430472f (plain)
From 752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Wed, 24 Aug 2022 14:40:51 +0100
Subject: [PATCH] ITS#9904 ldif_open_url: check for ber_strdup failure

Code present since 1999, df8f7cbb9b79be3be9205d116d1dd0b263d6861a

Upstream-Status: Backport [https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce]
CVE: CVE-2023-2953
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
 libraries/libldap/fetch.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libraries/libldap/fetch.c b/libraries/libldap/fetch.c
index 9e426dc647..536871bcfe 100644
--- a/libraries/libldap/fetch.c
+++ b/libraries/libldap/fetch.c
@@ -69,6 +69,8 @@ ldif_open_url(
 		}
 
 		p = ber_strdup( urlstr );
+		if ( p == NULL )
+			return NULL;
 
 		/* But we should convert to LDAP_DIRSEP before use */
 		if ( LDAP_DIRSEP[0] != '/' ) {
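Review bot: The new guard after `p = ber_strdup( urlstr );` is written without braces, while the `if ( LDAP_DIRSEP[0] != '/' ) {` directly below it is braced; writing it as `if ( p == NULL ) { return NULL; }` keeps a later edit from placing a statement outside the check. The early return also reports an allocation failure with the same NULL that the function presumably uses for other failures, so a short comment such as `/* out of memory: p is written through below, so bail out before the separator rewrite */` would record why the check sits here. Nothing visible in the hunk is allocated before this point, so the bare return does not appear to leak. The body of ldif_open_url starts and ends outside the hunk, so the other return paths could not be checked from here.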
-- 
GitLab