diff options
Diffstat (limited to 'meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch')
-rw-r--r-- | meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch new file mode 100644 index 0000000000..f4b4eb95d5 --- /dev/null +++ b/meta-oe/recipes-support/openldap/openldap/CVE-2023-2953-1.patch @@ -0,0 +1,30 @@ +From 752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Wed, 24 Aug 2022 14:40:51 +0100 +Subject: [PATCH] ITS#9904 ldif_open_url: check for ber_strdup failure + +Code present since 1999, df8f7cbb9b79be3be9205d116d1dd0b263d6861a + +Upstream-Status: Backport [https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce] +CVE: CVE-2023-2953 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + libraries/libldap/fetch.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/libraries/libldap/fetch.c b/libraries/libldap/fetch.c +index 9e426dc647..536871bcfe 100644 +--- a/libraries/libldap/fetch.c ++++ b/libraries/libldap/fetch.c +@@ -69,6 +69,8 @@ ldif_open_url( + } + + p = ber_strdup( urlstr ); ++ if ( p == NULL ) ++ return NULL; + + /* But we should convert to LDAP_DIRSEP before use */ + if ( LDAP_DIRSEP[0] != '/' ) { +-- +GitLab + |