|
| 1 | +From 1d14696f2939b065332bcd54a42fbac46bee9ff5 Mon Sep 17 00:00:00 2001 |
| 2 | +From: AllSpark <allspark@microsoft.com> |
| 3 | +Date: Fri, 9 Jan 2026 04:45:45 +0000 |
| 4 | +Subject: [PATCH] ldap: call ldap_init() before setting the options |
| 5 | + |
| 6 | +Closes #19830 |
| 7 | + |
| 8 | +Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> |
| 9 | +Upstream-reference: AI Backport of https://github.com/curl/curl/commit/39d1976b7f709a516e324333.patch |
| 10 | +--- |
| 11 | + Utilities/cmcurl/lib/ldap.c | 35 +++++++++++++++++++++-------------- |
| 12 | + 1 file changed, 21 insertions(+), 14 deletions(-) |
| 13 | + |
| 14 | +diff --git a/Utilities/cmcurl/lib/ldap.c b/Utilities/cmcurl/lib/ldap.c |
| 15 | +index 678b4d5a..7c0f69c1 100644 |
| 16 | +--- a/Utilities/cmcurl/lib/ldap.c |
| 17 | ++++ b/Utilities/cmcurl/lib/ldap.c |
| 18 | +@@ -364,16 +364,31 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) |
| 19 | + passwd = conn->passwd; |
| 20 | + } |
| 21 | + |
| 22 | ++#if defined(USE_WIN32_LDAP) |
| 23 | ++ if(ldap_ssl) |
| 24 | ++ server = ldap_sslinit(host, conn->primary.remote_port, 1); |
| 25 | ++ else |
| 26 | ++ server = ldap_init(host, conn->primary.remote_port); |
| 27 | ++#else |
| 28 | ++ server = ldap_init(host, conn->primary.remote_port); |
| 29 | ++#endif |
| 30 | ++ if(!server) { |
| 31 | ++ failf(data, "LDAP local: Cannot connect to %s:%u", |
| 32 | ++ conn->host.dispname, conn->primary.remote_port); |
| 33 | ++ result = CURLE_COULDNT_CONNECT; |
| 34 | ++ goto quit; |
| 35 | ++ } |
| 36 | ++ |
| 37 | ++ |
| 38 | + #ifdef LDAP_OPT_NETWORK_TIMEOUT |
| 39 | +- ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &ldap_timeout); |
| 40 | ++ ldap_set_option(server, LDAP_OPT_NETWORK_TIMEOUT, &ldap_timeout); |
| 41 | + #endif |
| 42 | +- ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto); |
| 43 | ++ ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto); |
| 44 | + |
| 45 | + if(ldap_ssl) { |
| 46 | + #ifdef HAVE_LDAP_SSL |
| 47 | + #ifdef USE_WIN32_LDAP |
| 48 | + /* Win32 LDAP SDK doesn't support insecure mode without CA! */ |
| 49 | +- server = ldap_sslinit(host, conn->primary.remote_port, 1); |
| 50 | + ldap_set_option(server, LDAP_OPT_SSL, LDAP_OPT_ON); |
| 51 | + #else |
| 52 | + int ldap_option; |
| 53 | +@@ -441,7 +456,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) |
| 54 | + goto quit; |
| 55 | + } |
| 56 | + infof(data, "LDAP local: using PEM CA cert: %s", ldap_ca); |
| 57 | +- rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, ldap_ca); |
| 58 | ++ rc = ldap_set_option(server, LDAP_OPT_X_TLS_CACERTFILE, ldap_ca); |
| 59 | + if(rc != LDAP_SUCCESS) { |
| 60 | + failf(data, "LDAP local: ERROR setting PEM CA cert: %s", |
| 61 | + ldap_err2string(rc)); |
| 62 | +@@ -453,7 +468,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) |
| 63 | + else |
| 64 | + ldap_option = LDAP_OPT_X_TLS_NEVER; |
| 65 | + |
| 66 | +- rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &ldap_option); |
| 67 | ++ rc = ldap_set_option(server, LDAP_OPT_X_TLS_REQUIRE_CERT, &ldap_option); |
| 68 | + if(rc != LDAP_SUCCESS) { |
| 69 | + failf(data, "LDAP local: ERROR setting cert verify mode: %s", |
| 70 | + ldap_err2string(rc)); |
| 71 | +@@ -502,15 +517,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) |
| 72 | + result = CURLE_NOT_BUILT_IN; |
| 73 | + goto quit; |
| 74 | + } |
| 75 | +- else { |
| 76 | +- server = ldap_init(host, conn->primary.remote_port); |
| 77 | +- if(!server) { |
| 78 | +- failf(data, "LDAP local: Cannot connect to %s:%u", |
| 79 | +- conn->host.dispname, conn->primary.remote_port); |
| 80 | +- result = CURLE_COULDNT_CONNECT; |
| 81 | +- goto quit; |
| 82 | +- } |
| 83 | +- } |
| 84 | ++ |
| 85 | + #ifdef USE_WIN32_LDAP |
| 86 | + ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto); |
| 87 | + rc = ldap_win_bind(data, server, user, passwd); |
| 88 | +-- |
| 89 | +2.45.4 |
| 90 | + |
0 commit comments