Bug#448644: CVE-2007-5708 remote denial of service

Sun, 04 Nov 2007 05:43:07 -0800 

Hi,
sorry the first patch was missing an ',', updated patch
attached.
Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

diff -u openldap2.3-2.3.38/debian/changelog openldap2.3-2.3.38/debian/changelog
--- openldap2.3-2.3.38/debian/changelog
+++ openldap2.3-2.3.38/debian/changelog
@@ -1,3 +1,11 @@
+openldap2.3 (2.3.38-1.1) unstable; urgency=high
+
+  * Non-maintainer upload by testing security team.
+  * Fixed missing usage of calloc instead of malloc which might
+    lead to a denial of service attack (CVE-2007-5708) (Closes: #448644).
+
+ -- Nico Golde <[EMAIL PROTECTED]>  Sun, 04 Nov 2007 13:42:20 +0100
+
 openldap2.3 (2.3.38-1) unstable; urgency=low
 
   [ Steve Langasek ]
diff -u openldap2.3-2.3.38/debian/patches/series openldap2.3-2.3.38/debian/patches/series
--- openldap2.3-2.3.38/debian/patches/series
+++ openldap2.3-2.3.38/debian/patches/series
@@ -13,0 +14 @@
+CVE-2007-5708 -p0
only in patch2:
unchanged:
--- openldap2.3-2.3.38.orig/debian/patches/CVE-2007-5708
+++ openldap2.3-2.3.38/debian/patches/CVE-2007-5708
@@ -0,0 +1,31 @@
+diff -Nurad servers~/slapd/overlays/pcache.c servers/slapd/overlays/pcache.c
+--- servers~/slapd/overlays/pcache.c	2007-11-04 14:15:16.000000000 +0100
++++ servers/slapd/overlays/pcache.c	2007-11-04 14:15:58.000000000 +0100
+@@ -1135,7 +1135,7 @@
+ 		count++;
+ 	}
+ 
+-	*new_attrs = (AttributeName*)ch_malloc((count+1)*
++	*new_attrs = (AttributeName*)ch_calloc(count + 1,
+ 		sizeof(AttributeName));
+ 	for (i=0; i<attrs->count; i++) {
+ 		(*new_attrs)[i].an_name = attrs->attrs[i].an_name;
+@@ -1156,18 +1156,13 @@
+ 			continue;
+ 		(*new_attrs)[j].an_name = filter_attrs[i].an_name;
+ 		(*new_attrs)[j].an_desc = filter_attrs[i].an_desc;
+-		(*new_attrs)[j].an_oc = NULL;
+-		(*new_attrs)[j].an_oc_exclude = 0;
+ 		j++;
+ 	}
+ 	if ( addoc ) {
+ 		(*new_attrs)[j].an_name = slap_schema.si_ad_objectClass->ad_cname;
+ 		(*new_attrs)[j].an_desc = slap_schema.si_ad_objectClass;
+-		(*new_attrs)[j].an_oc = NULL;
+-		(*new_attrs)[j].an_oc_exclude = 0;
+ 		j++;
+ 	}
+-	BER_BVZERO( &(*new_attrs)[j].an_name );
+ }
+ 
+ /* NOTE: this is a quick workaround to let pcache minimally interact

Attachment: pgpV70DE013Yw.pgp
Description: PGP signature

Reply via email to