Diffstat (limited to 'package/network/utils/curl/patches/112-CVE-2018-1000121.patch')
-rw-r--r-- | package/network/utils/curl/patches/112-CVE-2018-1000121.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/package/network/utils/curl/patches/112-CVE-2018-1000121.patch b/package/network/utils/curl/patches/112-CVE-2018-1000121.patch
new file mode 100644
index 0000000000..8fdb3377d3
--- /dev/null
+++ b/package/network/utils/curl/patches/112-CVE-2018-1000121.patch
@@ -0,0 +1,37 @@
+From 8f341a5d6f15381492ca2013325d485b6d8d1c13 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 6 Mar 2018 23:02:16 +0100
+Subject: [PATCH] openldap: check ldap_get_attribute_ber() results for NULL
+ before using
+
+CVE-2018-1000121
+Reported-by: Dario Weisser
+Bug: https://curl.haxx.se/docs/adv_2018-97a2.html
+---
+ lib/openldap.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/lib/openldap.c
++++ b/lib/openldap.c
+@@ -443,7 +443,7 @@ static ssize_t ldap_recv(struct connectd
+
+ for(ent = ldap_first_message(li->ld, msg); ent;
+ ent = ldap_next_message(li->ld, ent)) {
+- struct berval bv, *bvals, **bvp = &bvals;
++ struct berval bv, *bvals;
+ int binary = 0, msgtype;
+ CURLcode writeerr;
+
+@@ -505,9 +505,9 @@ static ssize_t ldap_recv(struct connectd
+ }
+ data->req.bytecount += bv.bv_len + 5;
+
+- for(rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, bvp);
+- rc == LDAP_SUCCESS;
+- rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, bvp)) {
++ for(rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, &bvals);
++ (rc == LDAP_SUCCESS) && bvals;
++ rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, &bvals)) {
+ int i;
+
+ if(bv.bv_val == NULL) break; |
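Review bot: `bvals` is declared without an initializer in the first embedded hunk (`struct berval bv, *bvals;`) and is then read in the new loop condition `(rc == LDAP_SUCCESS) && bvals`, so the NULL test is only meaningful if every successful ldap_get_attribute_ber() call stores to it. The retained `if(bv.bv_val == NULL) break;` suggests a successful return can also signal end-of-attributes; if the library leaves the values pointer untouched in that case (not visible here, worth confirming against the OpenLDAP source), the condition tests an indeterminate or stale pointer. Declaring `struct berval bv, *bvals = NULL;` and resetting it before each call would make the check well-defined. A NULL `bvals` also now ends the whole attribute loop silently, so any remaining attributes of the entry appear to be dropped without an error; a one-line comment stating that this is intended would help. ldap_recv() starts and ends outside both hunks.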