From 2f6e6706175ddf0175a559a2c0ec23e7386fd1b6 Mon Sep 17 00:00:00 2001
From: Jan Šafránek <jsafrane@fedoraproject.org>
Date: Feb 08 2008 14:01:58 +0000
Subject: fix CVE-2008-0658

Resolves: #432012

---

diff --git a/openldap-2.3.27-modify-noop.patch b/openldap-2.3.27-modify-noop.patch
index e6830ec..3c09400 100644
--- a/openldap-2.3.27-modify-noop.patch
+++ b/openldap-2.3.27-modify-noop.patch
@@ -1,7 +1,11 @@
 431203: CVE-2007-6698 openldap: slapd crash on NOOP control operation on entry in bdb storage
+432012: CVE-2008-0658 openldap: slapd crash on modrdn operation with NOOP control on entry in bdb storage
 
-Source: upstream, http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4925
+Source: upstream, 
+http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4925
+http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358
 http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-bdb/modify.c.diff?r1=1.124.2.16&r2=1.124.2.17&f=h
+http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-bdb/modrdn.c.diff?r1=1.197&r2=1.198
 
 ===================================================================
 RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/back-bdb/modify.c,v
@@ -19,3 +23,13 @@ diff -u -r1.124.2.16 -r1.124.2.17
  			goto return_results;
  		}
  	} else {
+--- servers/slapd/back-bdb/modrdn.c     2008/01/11 03:01:37     1.197
++++ servers/slapd/back-bdb/modrdn.c     2008/02/07 11:06:24     1.198
+@@ -739,6 +739,8 @@
+ 		} else {
+ 			rs->sr_err = LDAP_X_NO_OPERATION;
+ 			ltid = NULL;
++			/* Only free attrs if they were dup'd.  */
++			if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL;
+ 			goto return_results;
+ 		}
diff --git a/openldap.spec b/openldap.spec
index f44ad23..5c527eb 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -13,7 +13,7 @@
 Summary: The configuration files, libraries, and documentation for OpenLDAP
 Name: openldap
 Version: %{version_23}
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: OpenLDAP
 Group: System Environment/Daemons
 Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version_23}.tgz
@@ -753,6 +753,9 @@ fi
 %attr(0644,root,root)      %{evolution_connector_libdir}/*.a
 
 %changelog
+* Fri Feb  8 2008 Jan Safranek <jsafranek@redhat.com> 2.3.34-7
+- fix CVE-2008-0658 (#432012)
+
 * Tue Feb  5 2008 Jan Safranek <jsafranek@redhat.com> 2.3.34-6
 - fix CVE-2007-6698 (#431409)