curl: fix some security problems
[openwrt/openwrt.git] / package / network / utils / curl / patches / 112-CVE-2018-1000121.patch
1 From 8f341a5d6f15381492ca2013325d485b6d8d1c13 Mon Sep 17 00:00:00 2001
2 From: Daniel Stenberg <daniel@haxx.se>
3 Date: Tue, 6 Mar 2018 23:02:16 +0100
4 Subject: [PATCH] openldap: check ldap_get_attribute_ber() results for NULL
5 before using
6
7 CVE-2018-1000121
8 Reported-by: Dario Weisser
9 Bug: https://curl.haxx.se/docs/adv_2018-97a2.html
10 ---
11 lib/openldap.c | 8 ++++----
12 1 file changed, 4 insertions(+), 4 deletions(-)
13
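--- a/lib/openldap.c
+++ b/lib/openldap.c
@@ -443,7 +443,7 @@ static ssize_t ldap_recv(struct connectd
 
 for(ent = ldap_first_message(li->ld, msg); ent;
 ent = ldap_next_message(li->ld, ent)) {
- struct berval bv, *bvals, **bvp = &bvals;
+ struct berval bv, *bvals;
 int binary = 0, msgtype;
 CURLcode writeerr;
 
@@ -505,9 +505,9 @@ static ssize_t ldap_recv(struct connectd
 }
 data->req.bytecount += bv.bv_len + 5;
 
- for(rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, bvp);
- rc == LDAP_SUCCESS;
- rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, bvp)) {
+ for(rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, &bvals);
+ (rc == LDAP_SUCCESS) && bvals;
+ rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, &bvals)) {
 int i;
 
 if(bv.bv_val == NULL) break;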
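Review bot: `bvals` is declared without an initializer in the first hunk, and the new loop condition in the second hunk, `(rc == LDAP_SUCCESS) && bvals`, reads it as soon as the call returns. That read is only well-defined if ldap_get_attribute_ber() stores to its last argument on every LDAP_SUCCESS return, which these lines do not show; declaring `struct berval bv, *bvals = NULL;` keeps the NULL check meaningful either way. The condition is also evaluated before the existing `if(bv.bv_val == NULL) break;`, so the loop now ends silently at the first attribute returned without values. A one-line comment above the `for` saying that the remaining attributes of the entry are skipped on purpose would help the next reader. ldap_recv() starts and ends outside both hunks.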