From 078661d0458dc0b49126cc4e28314471ec0db178 Mon Sep 17 00:00:00 2001 From: Adrian Cochrane Date: Thu, 7 Jan 2016 10:28:12 +1300 Subject: [PATCH 2/3] ldb-samba: Reenable recursive search and bug fixes Previously when the matcher recurses it reallocates the visited list, inevitably finding new memory for it. After finding a new pointer it fails to set the visited list to it and reliably crashes. This bug is now fixed. In part this reverts commit 8cacd5b8113fa30fb4ccaaf3193839660feb285f. Signed-off-by: Adrian Cochrane --- lib/ldb-samba/ldb_matching_rules.c | 23 +++++++++++++---------- source4/dsdb/samdb/ldb_modules/extended_dn_in.c | 4 +++- 2 files changed, 16 insertions(+), 11 deletions(-) diff --git a/lib/ldb-samba/ldb_matching_rules.c b/lib/ldb-samba/ldb_matching_rules.c index 3a51c29..cc69e44 100644 --- a/lib/ldb-samba/ldb_matching_rules.c +++ b/lib/ldb-samba/ldb_matching_rules.c @@ -30,7 +30,7 @@ static int ldb_eval_transitive_filter_helper(TALLOC_CTX *mem_ctx, const struct dsdb_dn *dn_to_match, const char *dn_oid, struct dsdb_dn *to_visit, - struct dsdb_dn **visited, + struct dsdb_dn ***visited, unsigned int *visited_count, bool *matched) { 
@@ -107,21 +107,23 @@ static int ldb_eval_transitive_filter_helper(TALLOC_CTX *mem_ctx, * memory context. */ if (visited == NULL) { - visited = talloc_array(mem_ctx, struct dsdb_dn *, 1); - if (visited == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } else if (*visited == NULL) { + *visited = talloc_array(mem_ctx, struct dsdb_dn *, 1); + if (*visited == NULL) { talloc_free(tmp_ctx); return LDB_ERR_OPERATIONS_ERROR; } - visited[0] = to_visit; + (*visited)[0] = to_visit; (*visited_count) = 1; } else { - visited = talloc_realloc(mem_ctx, visited, struct dsdb_dn *, + *visited = talloc_realloc(mem_ctx, *visited, struct dsdb_dn *, (*visited_count) + 1); - if (visited == NULL) { + if (*visited == NULL) { talloc_free(tmp_ctx); return LDB_ERR_OPERATIONS_ERROR; } - visited[(*visited_count)] = to_visit; + (*visited)[(*visited_count)] = to_visit; (*visited_count)++; } @@ -129,7 +131,7 @@ static int ldb_eval_transitive_filter_helper(TALLOC_CTX *mem_ctx, * steal to_visit into visited array context, as it has to live until * the array is freed. */ - talloc_steal(visited, to_visit); + talloc_steal(*visited, to_visit); /* * Iterate over the values of the attribute of the entry being @@ -155,7 +157,7 @@ static int ldb_eval_transitive_filter_helper(TALLOC_CTX *mem_ctx, * the current entry DN. */ for (j=0; j < (*visited_count) - 1; j++) { - struct dsdb_dn *visited_dn = visited[j]; + struct dsdb_dn *visited_dn = (*visited)[j]; if (ldb_dn_compare(visited_dn->dn, next_to_visit->dn) == 0) { skip = true; @@ -204,6 +206,7 @@ static int ldb_eval_transitive_filter(TALLOC_CTX *mem_ctx, struct dsdb_dn *dn_to_match; const char *dn_oid; unsigned int count; + struct dsdb_dn **visited; schema = dsdb_get_schema(ldb, mem_ctx); if (schema == NULL) { @@ -231,7 +234,7 @@ static int ldb_eval_transitive_filter(TALLOC_CTX *mem_ctx, return ldb_eval_transitive_filter_helper(mem_ctx, ldb, attr, dn_to_match, dn_oid, current_object_dn, - NULL, &count, matched); + &visited, &count, matched); } /* 
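Review bot: The new `if (visited == NULL)` guard returns `LDB_ERR_OPERATIONS_ERROR` without the `talloc_free(tmp_ctx);` that both allocation-failure branches below it perform. That path therefore leaves tmp_ctx allocated, presumably until its parent context is freed; tmp_ctx is created outside this hunk, so the parent is an assumption. Add `talloc_free(tmp_ctx);` before that return. In the realloc branch, `*visited = talloc_realloc(mem_ctx, *visited, ...)` overwrites the caller's pointer with NULL on failure while the old array is still allocated, so assign to a temporary and store it through `*visited` only on success. The function body starts and ends outside this hunk.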
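Review bot: `struct dsdb_dn **visited;` is added to ldb_eval_transitive_filter (hunk @@ -204) without an initializer, and the call in hunk @@ -231 passes `&visited` to the helper. The helper tests `*visited == NULL` to choose between `talloc_array` and `talloc_realloc`, so it reads an indeterminate pointer. That is undefined behaviour: in practice a stack garbage value reaches `talloc_realloc`, and `count` is then read as well, although it is only assigned in the `*visited == NULL` branch. Declare it as `struct dsdb_dn **visited = NULL;` and initialise the existing `unsigned int count;` to `0` for the same reason. The rest of the function is outside these hunks.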
diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn_in.c b/source4/dsdb/samdb/ldb_modules/extended_dn_in.c index 4127036..b7ca636 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn_in.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn_in.c @@ -35,6 +35,7 @@ #include #include "dsdb/samdb/samdb.h" #include "dsdb/samdb/ldb_modules/util.h" +#include "lib/ldb-samba/ldb_matching_rules.h" /* TODO: if relax is not set then we need to reject the fancy RMD_* and @@ -406,7 +407,8 @@ static int extended_dn_filter_callback(struct ldb_parse_tree *tree, void *privat if (tree->operation == LDB_OP_EQUALITY) { dn = ldb_dn_from_ldb_val(filter_ctx, ldb_module_get_ctx(filter_ctx->module), &tree->u.equality.value); - } else if (tree->operation == LDB_OP_EXTENDED) { + } else if (tree->operation == LDB_OP_EXTENDED + && (strcmp(tree->u.extended.rule_id, SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL) == 0)) { dn = ldb_dn_from_ldb_val(filter_ctx, ldb_module_get_ctx(filter_ctx->module), &tree->u.extended.value); } if (dn == NULL) { -- 1.9.1
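Review bot: The added condition in extended_dn_filter_callback (hunk @@ -406) calls `strcmp(tree->u.extended.rule_id, SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL)` without checking `rule_id` for NULL. Whether an extended-match node can carry a NULL `rule_id` (a filter with no matching-rule OID) is not visible in this hunk. If it can, this dereferences NULL while handling a search filter, which may come from a client. Guard it with `&& tree->u.extended.rule_id != NULL` ahead of the `strcmp`, and add a short comment saying that only the transitive-eval rule has its value parsed as a DN here. The callback body starts and ends outside the hunk.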