aboutsummaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2022-24407.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2022-24407.patch')
-rw-r--r--meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2022-24407.patch83
1 files changed, 83 insertions, 0 deletions
diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2022-24407.patch b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2022-24407.patch
new file mode 100644
index 000000000..0ddea03c6
--- /dev/null
+++ b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl/CVE-2022-24407.patch
@@ -0,0 +1,83 @@
+From 906b863c5308567086c6437ce17335b1922a78d1 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Wed, 15 Jun 2022 10:44:50 +0530
+Subject: [PATCH] CVE-2022-24407
+
+Upstream-Status: Backport [https://github.com/cyrusimap/cyrus-sasl/commit/9eff746c9daecbcc0041b09a5a51ba30738cdcbc]
+CVE: CVE-2022-24407
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ plugins/sql.c | 26 +++++++++++++++++++++++---
+ 1 file changed, 23 insertions(+), 3 deletions(-)
+
+diff --git a/plugins/sql.c b/plugins/sql.c
+index 95f5f707..5d20759b 100644
+--- a/plugins/sql.c
++++ b/plugins/sql.c
+@@ -1150,6 +1150,7 @@ static int sql_auxprop_store(void *glob_context,
+ char *statement = NULL;
+ char *escap_userid = NULL;
+ char *escap_realm = NULL;
++ char *escap_passwd = NULL;
+ const char *cmd;
+
+ sql_settings_t *settings;
+@@ -1221,6 +1222,11 @@ static int sql_auxprop_store(void *glob_context,
+ "Unable to begin transaction\n");
+ }
+ for (cur = to_store; ret == SASL_OK && cur->name; cur++) {
++ /* Free the buffer, current content is from previous loop. */
++ if (escap_passwd) {
++ sparams->utils->free(escap_passwd);
++ escap_passwd = NULL;
++ }
+
+ if (cur->name[0] == '*') {
+ continue;
+@@ -1242,19 +1248,32 @@ static int sql_auxprop_store(void *glob_context,
+ }
+ sparams->utils->free(statement);
+
++ if (cur->values[0]) {
++ escap_passwd = (char *)sparams->utils->malloc(strlen(cur->values[0])*2+1);
++ if (!escap_passwd) {
++ ret = SASL_NOMEM;
++ break;
++ }
++ settings->sql_engine->sql_escape_str(escap_passwd, cur->values[0]);
++ }
++
+ /* create a statement that we will use */
+ statement = sql_create_statement(cmd, cur->name, escap_userid,
+ escap_realm,
+- cur->values && cur->values[0] ?
+- cur->values[0] : SQL_NULL_VALUE,
++ escap_passwd ?
++ escap_passwd : SQL_NULL_VALUE,
+ sparams->utils);
++ if (!statement) {
++ ret = SASL_NOMEM;
++ break;
++ }
+
+ {
+ char *log_statement =
+ sql_create_statement(cmd, cur->name,
+ escap_userid,
+ escap_realm,
+- cur->values && cur->values[0] ?
++ escap_passwd ?
+ "<omitted>" : SQL_NULL_VALUE,
+ sparams->utils);
+ sparams->utils->log(sparams->utils->conn, SASL_LOG_DEBUG,
+@@ -1287,6 +1306,7 @@ static int sql_auxprop_store(void *glob_context,
+ done:
+ if (escap_userid) sparams->utils->free(escap_userid);
+ if (escap_realm) sparams->utils->free(escap_realm);
++ if (escap_passwd) sparams->utils->free(escap_passwd);
+ if (conn) settings->sql_engine->sql_close(conn);
+ if (userid) sparams->utils->free(userid);
+ if (realm) sparams->utils->free(realm);
+--
+2.25.1
+