4 changed files with 640 additions and 607 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/pki-11.5.0.tar.gz
+SOURCES/pki-10.15.0.tar.gz
--- a/.pki-core.metadata
+++ b/.pki-core.metadata
@ -1 +1 @@
-dd717a1d8e14cfd558d8772ef37f425db84debee SOURCES/pki-11.5.0.tar.gz
+dfd4964a18914db699758463d9abb1fe880911f7 SOURCES/pki-10.15.0.tar.gz
--- a/SOURCES/0001-CVE-2023-4727-Fix-token-authentication-bypass-vulner.patch
+++ b/SOURCES/0001-CVE-2023-4727-Fix-token-authentication-bypass-vulner.patch
@ -1,60 +0,0 @@
-From 9f9ede3fe2a6ae95230411d48183dc6880ff3c52 Mon Sep 17 00:00:00 2001
-From: "Endi S. Dewata" <edewata@redhat.com>
-Date: Mon, 11 Sep 2023 15:40:32 -0500
-Subject: [PATCH] CVE-2023-4727 Fix token authentication bypass vulnerability
-
-Previously the LDAPSecurityDomainSessionTable.sessionExists()
-and getStringValue() were using user-provided session ID as
-is in an LDAP filter which could be exploited to bypass token
-authentication.
-
-To fix the problem the code has been modified to escape all
-special characters in the session ID before using it in the
-LDAP filter.
-
-Resolves: CVE-2023-4727
---
- .../session/LDAPSecurityDomainSessionTable.java     | 13 +++++++++++--
- 1 file changed, 11 insertions(+), 2 deletions(-)
-
-diff --git a/base/server/src/main/java/com/netscape/cmscore/session/LDAPSecurityDomainSessionTable.java b/base/server/src/main/java/com/netscape/cmscore/session/LDAPSecurityDomainSessionTable.java
-index 7691a98a40..fb627b88cb 100644
--- a/base/server/src/main/java/com/netscape/cmscore/session/LDAPSecurityDomainSessionTable.java
-+++ b/base/server/src/main/java/com/netscape/cmscore/session/LDAPSecurityDomainSessionTable.java
-@@ -29,6 +29,7 @@ import com.netscape.cmscore.apps.CMSEngine;
- import com.netscape.cmscore.apps.EngineConfig;
- import com.netscape.cmscore.ldapconn.LDAPConfig;
- import com.netscape.cmscore.ldapconn.LdapBoundConnFactory;
-+import com.netscape.cmsutil.ldap.LDAPUtil;
- 
- import netscape.ldap.LDAPAttribute;
- import netscape.ldap.LDAPAttributeSet;
-@@ -173,7 +174,11 @@ public class LDAPSecurityDomainSessionTable
-         try {
-             String basedn = ldapConfig.getBaseDN();
-             String sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
-            String filter = "(cn=" + sessionId + ")";
-+
-+            // CVE-2023-4727
-+            // escape session ID in LDAP search filter
-+            String filter = "(cn=" + LDAPUtil.escapeFilter(sessionId) + ")";
-+
-             String[] attrs = { "cn" };
- 
-             conn = mLdapConnFactory.getConn();
-@@ -254,7 +259,11 @@ public class LDAPSecurityDomainSessionTable
-         try {
-             String basedn = ldapConfig.getBaseDN();
-             String sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
-            String filter = "(cn=" + sessionId + ")";
-+
-+            // CVE-2023-4727
-+            // escape session ID in LDAP search filter
-+            String filter = "(cn=" + LDAPUtil.escapeFilter(sessionId) + ")";
-+
-             String[] attrs = { attr };
- 
-             conn = mLdapConnFactory.getConn();
-- 
-2.42.0
-
--- a/SPECS/pki-core.spec
+++ b/SPECS/pki-core.spec