[Pkg-openldap-devel] r768 - in openldap/trunk-2.3/debian: . patches

Matthijs Mohlmann matthijs at alioth.debian.org
Sat Dec 23 13:08:21 CET 2006


Author: matthijs
Date: 2006-12-23 13:08:21 +0100 (Sat, 23 Dec 2006)
New Revision: 768

Added:
   openldap/trunk-2.3/debian/patches/kbind-security-fix
Modified:
   openldap/trunk-2.3/debian/changelog
   openldap/trunk-2.3/debian/patches/series
Log:
 * Security bug in the ldap code when compiled with --enable-kbind 


Modified: openldap/trunk-2.3/debian/changelog
===================================================================
--- openldap/trunk-2.3/debian/changelog	2006-12-23 09:21:00 UTC (rev 767)
+++ openldap/trunk-2.3/debian/changelog	2006-12-23 12:08:21 UTC (rev 768)
@@ -2,8 +2,10 @@
 
   * Added spanish translation. (Closes: #404250)
   * Documentation updates backported from upstream.
+  * Fix a security bug in kerberos kbind code. (Only used when enabling with
+    --enable-kbind option) But better safe then sorry.
 
- -- Matthijs Mohlmann <matthijs at cacholong.nl>  Sat, 23 Dec 2006 10:20:27 +0100
+ -- Matthijs Mohlmann <matthijs at cacholong.nl>  Sat, 23 Dec 2006 13:05:52 +0100
 
 openldap2.3 (2.3.30-2) unstable; urgency=low
 
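Review bot: the added changelog lines have a typo and an awkward split sentence: "better safe then sorry" should read "better safe than sorry", and the parenthesised clause closes with a full stop before the sentence continues. Suggest one sentence, e.g. `* Fix a security bug in the Kerberos kbind code (only used when built with --enable-kbind); better safe than sorry.` It would also help anyone reading the changelog later to name the affected file, servers/slapd/kerberos.c, since that is the only file the new patch touches.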

Added: openldap/trunk-2.3/debian/patches/kbind-security-fix
===================================================================
--- openldap/trunk-2.3/debian/patches/kbind-security-fix	2006-12-23 09:21:00 UTC (rev 767)
+++ openldap/trunk-2.3/debian/patches/kbind-security-fix	2006-12-23 12:08:21 UTC (rev 768)
@@ -0,0 +1,15 @@
+Index: servers/slapd/kerberos.c
+===================================================================
+--- servers/slapd/kerberos.c.orig
++++ servers/slapd/kerberos.c
+@@ -41,6 +41,10 @@
+ 
+ 	Debug( LDAP_DEBUG_TRACE, "=> kerberosv4_ldap_auth\n", 0, 0, 0 );
+ 
++	if( cred->len > sizeof(ktxt->dat) ) {
++		return LDAP_OTHER;
++	}
++
+ 	AC_MEMCPY( ktxt->dat, cred->bv_val, cred->bv_len );
+ 	ktxt->length = cred->bv_len;
+ 
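Review bot: the new length check reads `cred->len` while the copy two lines below it uses `cred->bv_val` and `cred->bv_len`, so `cred` is evidently a `struct berval *` and `len` is not one of its members; as written the guard either fails to compile or tests a different field from the one handed to AC_MEMCPY. Suggest `if ( cred->bv_len > sizeof(ktxt->dat) )` so the bound matches the length actually copied into the fixed-size `ktxt->dat` array. The hunk also carries no comment saying why the check exists (an oversized credential would otherwise overrun `ktxt->dat`), and the patch file has no description above the `Index:` line stating where the fix comes from; a one-line comment above the `if` and a short header in the patch file would help the next maintainer.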

Modified: openldap/trunk-2.3/debian/patches/series
===================================================================
--- openldap/trunk-2.3/debian/patches/series	2006-12-23 09:21:00 UTC (rev 767)
+++ openldap/trunk-2.3/debian/patches/series	2006-12-23 12:08:21 UTC (rev 768)
@@ -15,3 +15,4 @@
 sasl-default-path -p0
 man-slurpd -p0
 adminguide-docfixes -p0
+kbind-security-fix -p0



