
Contents of /updates/5/389-ds-base/current/SOURCES/389-ds-base-1.3.5.17_CVE-2017-7551_brute-force.patch



Revision 1151926 - (show annotations) (download)
Fri Sep 8 13:25:35 2017 UTC (5 years, 8 months ago) by mrambo3501
File size: 1314 byte(s)
added patch which fixes CVE-2017-7551 mga#21671
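--- a/389-ds-base-1.3.5.17/ldap/servers/slapd/bind.c
+++ b/389-ds-base-1.3.5.17/ldap/servers/slapd/bind.c
@@ -722,10 +722,7 @@
 }
 slapi_pblock_set( pb, SLAPI_PLUGIN, be->be_database );
 set_db_default_result_handlers(pb);
- if ( (rc != 1) &&
- (auto_bind ||
- (((rc = (*be->be_bind)( pb )) == SLAPI_BIND_SUCCESS) ||
- (rc == SLAPI_BIND_ANONYMOUS))) ) {
+ if ( rc != 1) {
 long t;
 char* authtype = NULL;
 /* rc is SLAPI_BIND_SUCCESS or SLAPI_BIND_ANONYMOUS */
@@ -783,6 +780,10 @@
 myrc = 0;
 }
 if (!auto_bind) {
+ rc = (*be->be_bind)( pb );
+ if (rc != SLAPI_BIND_SUCCESS && rc != SLAPI_BIND_ANONYMOUS) {
+ goto account_locked;
+ }
 /*
 * There could be a race that bind_target_entry was not added
 * when bind_target_entry was retrieved before be_bind, but it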
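Review bot: The context comment `/* rc is SLAPI_BIND_SUCCESS or SLAPI_BIND_ANONYMOUS */` at the top of the `if ( rc != 1)` block is no longer true, because `be_bind` now runs only inside `if (!auto_bind)` in the second hunk; it should read something like `/* be_bind has not run yet; rc is only known to be != 1 here */`. Any code between the two hunks that tests `rc` (not visible here) now sees the pre-bind value and executes before the credentials are verified, so it should be checked that nothing there treats the connection as authenticated. The failed-bind path reuses `goto account_locked;`, whose label lies outside the hunk; a comment such as `/* bad credentials: leave through the same exit as a locked account so the client cannot tell the two apart */` would explain the reuse, assuming that is the intent of the CVE-2017-7551 fix.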
