Fix CVE-2017-9287:

https://www.openldap.org/its/?findid=8655
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9287

Patch copied from upstream source repository:

https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e

From 0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e Mon Sep 17 00:00:00 2001
From: Ryan Tandy <ryan@nardis.ca>
Date: Wed, 17 May 2017 20:07:39 -0700
Subject: [PATCH] ITS#8655 fix double free on paged search with pagesize 0

Fixes a double free when a search includes the Paged Results control
with a page size of 0 and the search base matches the filter.
---
 servers/slapd/back-mdb/search.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/servers/slapd/back-mdb/search.c b/servers/slapd/back-mdb/search.c
index 301d1a498c..43442aa242 100644
--- a/servers/slapd/back-mdb/search.c
+++ b/servers/slapd/back-mdb/search.c
@@ -1066,7 +1066,8 @@ notfound:
 			/* check size limit */
 			if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) {
 				if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size ) {
-					mdb_entry_return( op, e );
+					if (e != base)
+						mdb_entry_return( op, e );
 					e = NULL;
 					send_paged_response( op, rs, &lastid, tentries );
 					goto done;
-- 
2.13.0

ifyjs/'>summary</a><a href='/tracifyjs/refs/?id=4ad7b1dae46fb5bf98f12859b2906381421563d4'>refs</a><a href='/tracifyjs/log/test/compress/issue-1833.js'>log</a><a href='/tracifyjs/tree/test/compress/issue-1833.js?id=4ad7b1dae46fb5bf98f12859b2906381421563d4'>tree</a><a class='active' href='/tracifyjs/commit/test/compress/issue-1833.js?id=4ad7b1dae46fb5bf98f12859b2906381421563d4'>commit</a><a href='/tracifyjs/diff/test/compress/issue-1833.js?id=4ad7b1dae46fb5bf98f12859b2906381421563d4'>diff</a></td><td class='form'><form class='right' method='get' action='/tracifyjs/log/test/compress/issue-1833.js'>
<input type='hidden' name='id' value='4ad7b1dae46fb5bf98f12859b2906381421563d4'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/tracifyjs/commit/?id=4ad7b1dae46fb5bf98f12859b2906381421563d4'>root</a>/<a href='/tracifyjs/commit/test?id=4ad7b1dae46fb5bf98f12859b2906381421563d4'>test</a>/<a href='/tracifyjs/commit/test/compress?id=4ad7b1dae46fb5bf98f12859b2906381421563d4'>compress</a>/<a href='/tracifyjs/commit/test/compress/issue-1833.js?id=4ad7b1dae46fb5bf98f12859b2906381421563d4'>issue-1833.js</a></div><div class='content'><div class='cgit-panel'><b>diff options</b><form method='get'><input type='hidden' name='id' value='4ad7b1dae46fb5bf98f12859b2906381421563d4'/><table><tr><td colspan='2'/></tr><tr><td class='label'>context:</td><td class='ctrl'><select name='context' onchange='this.form.submit();'><option value='1'>1</option><option value='2'>2</option><option value='3' selected='selected'>3</option><option value='4'>4</option><option value='5'>5</option><option value='6'>6</option><option value='7'>7</option><option value='8'>8</option><option value='9'>9</option><option value='10'>10</option><option value='15'>15</option><option value='20'>20</option><option value='25'>25</option><option value='30'>30</option><option value='35'>35</option><option value='40'>40</option></select></td></tr><tr><td class='label'>space:</td><td class='ctrl'><select name='ignorews' onchange='this.form.submit();'><option value='0' selected='selected'>include</option><option value='1'>ignore</option></select></td></tr><tr><td class='label'>mode:</td><td class='ctrl'><select name='dt' onchange='this.form.submit();'><option value='0' selected='selected'>unified</option><option value='1'>ssdiff</option><option value='2'>stat only</option></select></td></tr><tr><td/><td class='ctrl'><noscript><input type='submit' value='reload'/></noscript></td></tr></table></form></div><table summary='commit info' class='commit-info'>
<tr><th>author</th><td>Alex Lam S.L &lt;alexlamsl@gmail.com&gt;</td><td class='right'>2017-06-10 01:08:58 +0800</td></tr>
<tr><th>committer</th><td>GitHub &lt;noreply@github.com&gt;</td><td class='right'>2017-06-10 01:08:58 +0800</td></tr>
<tr><th>commit</th><td colspan='2' class='oid'><a href='/tracifyjs/commit/test/compress/issue-1833.js?id=4ad7b1dae46fb5bf98f12859b2906381421563d4'>4ad7b1dae46fb5bf98f12859b2906381421563d4</a> (<a href='/tracifyjs/patch/test/compress/issue-1833.js?id=4ad7b1dae46fb5bf98f12859b2906381421563d4'>patch</a>)</td></tr>
<tr><th>tree</th><td colspan='2' class='oid'><a href='/tracifyjs/tree/?id=4ad7b1dae46fb5bf98f12859b2906381421563d4'>d3ea1801fedbcc30a34da5bde79fa6a2bd9534c2</a> /<a href='/tracifyjs/tree/test/compress/issue-1833.js?id=4ad7b1dae46fb5bf98f12859b2906381421563d4'>test/compress/issue-1833.js</a></td></tr>
<tr><th>parent</th><td colspan='2' class='oid'><a href='/tracifyjs/commit/test/compress/issue-1833.js?id=9186859cb7df0b1f7ac328e19979b14967dbadf2'>9186859cb7df0b1f7ac328e19979b14967dbadf2</a> (<a href='/tracifyjs/diff/test/compress/issue-1833.js?id=4ad7b1dae46fb5bf98f12859b2906381421563d4&amp;id2=9186859cb7df0b1f7ac328e19979b14967dbadf2'>diff</a>)</td></tr><tr><th>download</th><td colspan='2' class='oid'><a href='/tracifyjs/snapshot/tracifyjs-4ad7b1dae46fb5bf98f12859b2906381421563d4.tar.gz'>tracifyjs-4ad7b1dae46fb5bf98f12859b2906381421563d4.tar.gz</a><br/><a href='/tracifyjs/snapshot/tracifyjs-4ad7b1dae46fb5bf98f12859b2906381421563d4.zip'>tracifyjs-4ad7b1dae46fb5bf98f12859b2906381421563d4.zip</a><br/></td></tr></table>
<div class='commit-subject'>fix portability of `sandbox.run_code()` on Node.js 0.1x (#2078)</div><div class='commit-msg'></div><div class='diffstat-header'><a href='/tracifyjs/diff/?id=4ad7b1dae46fb5bf98f12859b2906381421563d4'>Diffstat</a> (limited to 'test/compress/issue-1833.js')</div><table summary='diffstat' class='diffstat'></table><div class='diffstat-summary'>0 files changed, 0 insertions, 0 deletions</div><table summary='diff' class='diff'><tr><td></td></tr></table></div> <!-- class=content -->
                         <div class=footer>generated by
                             <a href="https://git.zx2c4.com/cgit/about/">
                                 cgit
                             </a>
                         </div>
                        </div> <!-- id=cgit -->
</body>
</html>

author	Alex Lam S.L <alexlamsl@gmail.com>	2017-06-10 01:08:58 +0800
committer	GitHub <noreply@github.com>	2017-06-10 01:08:58 +0800
commit	4ad7b1dae46fb5bf98f12859b2906381421563d4 (patch)
tree	d3ea1801fedbcc30a34da5bde79fa6a2bd9534c2 /test/compress/issue-1833.js
parent	9186859cb7df0b1f7ac328e19979b14967dbadf2 (diff)
download	tracifyjs-4ad7b1dae46fb5bf98f12859b2906381421563d4.tar.gz tracifyjs-4ad7b1dae46fb5bf98f12859b2906381421563d4.zip