| 12345678910111213141516171819202122232425262728293031323334353637383940414243 |
- (CVE-2011-1024) CVE-2011-1024 openldap: forwarded bind failure messages cause success
- Upstream patch: http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ldap/chain.c.diff?r1=1.76&r2=1.77
- diff -uNPrp openldap-2.4.23/servers/slapd/back-ldap/chain.c openldap-2.4.23.fix/servers/slapd/back-ldap/chain.c
- --- openldap-2.4.23/servers/slapd/back-ldap/chain.c 2010-04-13 22:23:28.000000000 +0200
- +++ openldap-2.4.23.fix/servers/slapd/back-ldap/chain.c 2011-02-28 14:43:16.377111481 +0100
- @@ -854,6 +854,7 @@ ldap_chain_response( Operation *op, Slap
-
- /* we need this to know if back-ldap returned any result */
- lb.lb_lc = lc;
- + sc2.sc_next = sc->sc_next;
- sc2.sc_private = &lb;
- sc2.sc_response = ldap_chain_cb_response;
- op->o_callback = &sc2;
- @@ -947,6 +948,7 @@ ldap_chain_response( Operation *op, Slap
-
- case LDAP_SUCCESS:
- case LDAP_REFERRAL:
- + sr_err = rs->sr_err;
- /* slapd-ldap sent response */
- if ( !op->o_abandon && lb.lb_status != LDAP_CH_RES ) {
- /* FIXME: should we send response? */
- @@ -974,7 +976,7 @@ cannot_chain:;
- default:
- #endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
- if ( LDAP_CHAIN_RETURN_ERR( lc ) ) {
- - rs->sr_err = rc;
- + sr_err = rs->sr_err = rc;
- rs->sr_type = sr_type;
-
- } else {
- @@ -992,7 +994,8 @@ cannot_chain:;
- }
-
- if ( lb.lb_status == LDAP_CH_NONE && rc != SLAPD_ABANDON ) {
- - op->o_callback = NULL;
- + /* give the remaining callbacks a chance */
- + op->o_callback = sc->sc_next;
- rc = rs->sr_err = slap_map_api2result( rs );
- send_ldap_result( op, rs );
- }
|
