Package: openldap / 2.4.44+dfsg-5+deb9u3

ITS-8385-Fix-use-after-free-with-GnuTLS.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
From 283f3ae1713df449cc170965b311b19157f7b7ea Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Sat, 12 Mar 2016 11:03:29 +0000
Subject: [PATCH] ITS#8385 Fix use-after-free with GnuTLS

---
 libraries/libldap/tls_g.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

--- a/libraries/libldap/tls_g.c
+++ b/libraries/libldap/tls_g.c
@@ -47,11 +47,11 @@
 #define DH_BITS	(1024)
 
 typedef struct tlsg_ctx {
-	struct ldapoptions *lo;
 	gnutls_certificate_credentials_t cred;
 	gnutls_dh_params_t dh_params;
 	unsigned long verify_depth;
 	int refcount;
+	int reqcert;
 	gnutls_priority_t prios;
 #ifdef LDAP_R_COMPILE
 	ldap_pvt_thread_mutex_t ref_mutex;
@@ -143,7 +143,6 @@
 
 	ctx = ber_memcalloc ( 1, sizeof (*ctx) );
 	if ( ctx ) {
-		ctx->lo = lo;
 		if ( gnutls_certificate_allocate_credentials( &ctx->cred )) {
 			ber_memfree( ctx );
 			return NULL;
@@ -316,6 +315,9 @@
 		gnutls_dh_params_init(&ctx->dh_params);
 		gnutls_dh_params_generate2(ctx->dh_params, DH_BITS);
 	}
+
+	ctx->reqcert = lo->ldo_tls_require_cert;
+
 	return 0;
 }
 
@@ -337,10 +339,10 @@
 	
 	if ( is_server ) {
 		int flag = 0;
-		if ( c->lo->ldo_tls_require_cert ) {
+		if ( c->reqcert ) {
 			flag = GNUTLS_CERT_REQUEST;
-			if ( c->lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_DEMAND ||
-				c->lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_HARD )
+			if ( c->reqcert == LDAP_OPT_X_TLS_DEMAND ||
+				c->reqcert == LDAP_OPT_X_TLS_HARD )
 				flag = GNUTLS_CERT_REQUIRE;
 			gnutls_certificate_server_set_request( session->session, flag );
 		}
@@ -355,17 +357,17 @@
 	int rc;
 
 	rc = gnutls_handshake( s->session );
-	if ( rc == 0 && s->ctx->lo->ldo_tls_require_cert != LDAP_OPT_X_TLS_NEVER ) {
+	if ( rc == 0 && s->ctx->reqcert != LDAP_OPT_X_TLS_NEVER ) {
 		const gnutls_datum_t *peer_cert_list;
 		unsigned int list_size;
 
 		peer_cert_list = gnutls_certificate_get_peers( s->session, 
 						&list_size );
-		if ( !peer_cert_list && s->ctx->lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_TRY ) 
+		if ( !peer_cert_list && s->ctx->reqcert == LDAP_OPT_X_TLS_TRY )
 			rc = 0;
 		else {
 			rc = tlsg_cert_verify( s );
-			if ( rc && s->ctx->lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_ALLOW )
+			if ( rc && s->ctx->reqcert == LDAP_OPT_X_TLS_ALLOW )
 				rc = 0;
 		}
 	}