packages/openldap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openldap/CVE-2020-36224_36225_36226-4.patch
liuzy518 ede27e6033 openldap:fix CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 
Signed-off-by: liuzy518 <570407222@qq.com>
(cherry picked from commit c2a3318f4b2ba16a79b5b7b7e18e1a7186e16c58)
2021-02-20 14:24:56 +08:00

39 lines
1.1 KiB
Diff
Raw Blame History

From d169e7958a3e0dc70f59c8374bf8a59833b7bdd8 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Tue, 1 Dec 2020 19:03:24 +0000
Subject: [PATCH] ITS#9413 fix slap_parse_user
---
servers/slapd/saslauthz.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index 4a9420b37..b17f34a21 100644
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -156,10 +156,9 @@ int slap_parse_user( struct berval *id, struct berval *user,
user->bv_val++;
user->bv_len = id->bv_len - ( user->bv_val - id->bv_val );
- mech->bv_val = ber_bvchr( id, '.' );
- if ( !BER_BVISNULL( mech ) ) {
- mech->bv_val[ 0 ] = '\0';
- mech->bv_val++;
+ if ( id->bv_val[1] == '.' ) {
+ id->bv_val[1] = '\0';
+ mech->bv_val = id->bv_val + 2;
mech->bv_len = user->bv_val - mech->bv_val - 1;
realm->bv_val = ber_bvchr( mech, '/' );
@@ -172,6 +171,7 @@ int slap_parse_user( struct berval *id, struct berval *user,
}
} else {
+ BER_BVZERO( mech );
BER_BVZERO( realm );
}
--
GitLab
Reference in New Issue View Git Blame Copy Permalink