mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2024-09-20 11:23:16 +00:00
main/openvpn-auth-ldap: fix CVE-2024-28820
and fix build with gcc 14
This commit is contained in:
Natanael Copa
parent
9ea34f2a12
commit
6e5d1077f2
3 changed files with 77 additions and 6 deletions
|
|
@ -1,7 +1,7 @@
|
|||
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
|
||||
pkgname=openvpn-auth-ldap
|
||||
pkgver=2.0.4
|
||||
pkgrel=6
|
||||
pkgrel=7
|
||||
pkgdesc="LDAP authentication and authorization plugin for OpenVPN 2.x"
|
||||
url="https://github.com/threerings/openvpn-auth-ldap/"
|
||||
arch="all"
|
||||
|
|
@ -11,17 +11,20 @@ makedepends="automake autoconf re2c openldap-dev openvpn-dev gcc-objc"
|
|||
pkggroups="openvpn"
|
||||
install="$pkgname.post-upgrade"
|
||||
source="https://github.com/threerings/openvpn-auth-ldap/archive/auth-ldap-$pkgver.tar.gz
|
||||
CVE-2024-28820.patch
|
||||
default-config.patch
|
||||
fix-make-install.patch
|
||||
stdio.patch
|
||||
"
|
||||
builddir="$srcdir/$pkgname-auth-ldap-$pkgver"
|
||||
|
||||
# secfixes:
|
||||
# 2.0.4-r7:
|
||||
# - CVE-2024-28820
|
||||
|
||||
prepare() {
|
||||
default_prepare
|
||||
|
||||
autoconf
|
||||
autoheader
|
||||
update_config_sub
|
||||
autoreconf -vif
|
||||
}
|
||||
|
||||
build() {
|
||||
|
|
@ -35,7 +38,7 @@ build() {
|
|||
--with-openvpn=/usr \
|
||||
--with-objc-runtime=GNU \
|
||||
CFLAGS="$CFLAGS -fPIC" \
|
||||
OBJCFLAGS="-std=gnu11"
|
||||
OBJCFLAGS="-std=gnu11 -fpermissive"
|
||||
make
|
||||
}
|
||||
|
||||
|
|
@ -51,6 +54,8 @@ package() {
|
|||
|
||||
sha512sums="
|
||||
ffa1f1617acd3f4e96d3abea7e5611d8b8406c92ff1298ac0520f2d42f188116904187d3ca8c0ae88e0bcc6449ec4c8494a18770a4635c1ee7301baaaddfa12e auth-ldap-2.0.4.tar.gz
|
||||
f68159da95bc6b593892125c6b97e6c60a8677f9d39031cb04c1948ac9495d507cb10f7929c1716cb67ac4f5e5d5fdb1a3ff51b902b2c4df65c3225c27899019 CVE-2024-28820.patch
|
||||
7d33287dde5ef338797d395f6e254d6e3116cbc274f89fc44b0de7f624d51c23c5734229279023c5b818d1ce7313f761770ee2f60c1975713feefdf03f040374 default-config.patch
|
||||
e6f826558a8542e3372c23692b9006ae5978110cd599ccde4756ace6bedd0c6a249738b00ba29e7121727246e001154f7aeb3804864fbc935e0acbb17b7d2a27 fix-make-install.patch
|
||||
57c8db58a10e8e4d4786cace8ace897510d1c547c679b5fe301010c47fc124af6d1b236e7752a4e0ca929cd30c1d242a90ef621baf244830ac344379ce03de05 stdio.patch
|
||||
"
|
||||
|
|
|
|||
30
main/openvpn-auth-ldap/CVE-2024-28820.patch
Normal file
30
main/openvpn-auth-ldap/CVE-2024-28820.patch
Normal file
|
|
@ -0,0 +1,30 @@
|
|||
From 940e5206c4c1dfa44da5585f0d99e9b34338d234 Mon Sep 17 00:00:00 2001
|
||||
From: Graham Northup <graham@whereto.com>
|
||||
Date: Mon, 17 Jun 2024 11:54:17 -0400
|
||||
Subject: [PATCH] Fix CVE-2024-28820
|
||||
|
||||
An attacker who can control the challenge/response password field could, with a
|
||||
valid LDAP username, pass a string with more than 14 colons into this field,
|
||||
causing a buffer overflow. This happens before the number of tokens is checked
|
||||
for validity below.
|
||||
|
||||
This commit ensures that the loop bails before attempting to write past the end
|
||||
of tokenIndexes; as of the currently-published protocol, any response with more
|
||||
than 15 fields is certainly invalid (and will be rejected below).
|
||||
---
|
||||
src/openvpn-cr.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/openvpn-cr.c b/src/openvpn-cr.c
|
||||
index 7151e79..6ab75b9 100644
|
||||
--- a/src/openvpn-cr.c
|
||||
+++ b/src/openvpn-cr.c
|
||||
@@ -29,7 +29,7 @@ int extract_openvpn_cr(const char *response, openvpn_response *result, char **er
|
||||
tokenIndexes[0] = response;
|
||||
int tokenCnt = 1;
|
||||
const char *p;
|
||||
- for (p = response; *p; ++p) {
|
||||
+ for (p = response; *p && tokenCnt < 15; ++p) {
|
||||
if (*p == ':')
|
||||
tokenIndexes[tokenCnt++] = p + 1;
|
||||
}
|
||||
36
main/openvpn-auth-ldap/stdio.patch
Normal file
36
main/openvpn-auth-ldap/stdio.patch
Normal file
|
|
@ -0,0 +1,36 @@
|
|||
diff --git a/aclocal.m4 b/aclocal.m4
|
||||
index e5b7dbf..01cecf1 100644
|
||||
--- a/aclocal.m4
|
||||
+++ b/aclocal.m4
|
||||
@@ -73,6 +73,7 @@ AC_DEFUN([OD_OBJC_RUNTIME],[
|
||||
AC_LANG_PROGRAM([
|
||||
#include <objc/objc.h>
|
||||
#include <objc/Object.h>
|
||||
+ #include <stdio.h>
|
||||
], [
|
||||
Object *obj = @<:@Object alloc@:>@;
|
||||
puts(@<:@obj name@:>@);
|
||||
@@ -94,6 +95,7 @@ AC_DEFUN([OD_OBJC_RUNTIME],[
|
||||
AC_LANG_PROGRAM([
|
||||
#include <objc/objc.h>
|
||||
#include <objc/Object.h>
|
||||
+ #include <stdio.h>
|
||||
], [
|
||||
Object *obj = @<:@Object alloc@:>@;
|
||||
puts(@<:@obj name@:>@);
|
||||
@@ -131,6 +133,7 @@ AC_DEFUN([OD_OBJC_RUNTIME],[
|
||||
AC_LANG_PROGRAM([
|
||||
#include <objc/objc.h>
|
||||
#include <objc/objc-api.h>
|
||||
+ #include <stdio.h>
|
||||
], [
|
||||
id class = objc_lookUpClass("Object");
|
||||
id obj = @<:@class alloc@:>@;
|
||||
@@ -162,6 +165,7 @@ AC_DEFUN([OD_OBJC_RUNTIME],[
|
||||
#else
|
||||
#include <objc/objc-api.h>
|
||||
#endif
|
||||
+ #include <stdio.h>
|
||||
], [
|
||||
#ifdef __GNU_LIBOBJC_
|
||||
Class class = objc_lookUpClass("Object");
|
||||
Loading…
Reference in a new issue