[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Wed Apr 3 02:44:03 UTC 2019
The branch, master has been updated
via 29d7c80ee4d oLschema2ldif: Resolve multiple parsing bugs
via 4ae2fb2e740 Relax GPGME version check
via ea3b4d6abc6 prefork tests: disable restart tests MIT
from 3378a561efc s4:rpc_server: add missing newline to error debug message
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 29d7c80ee4d78e1dbdd506770a9cb7b34afa0ed0
Author: Michael Hanselmann <public at hansmi.ch>
Date: Wed Mar 27 20:17:08 2019 +0100
oLschema2ldif: Resolve multiple parsing bugs
The "oLschema2ldif" program contained multiple bugs triggered by
malformed inputs:
* Iteration beyond list of recognized dsdb syntax OIDs when value wasn't
found (bug 9567)
* NULL pointer dereference when input didn't define a name
* Heap buffer overflows for unterminated token values
Tests are added to reproduce all identified bugs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9567
Signed-off-by: Michael Hanselmann <public at hansmi.ch>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Then adapted to use ARRAY_SIZE() consistently as suggested by
metze.
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Apr 3 02:43:07 UTC 2019 on sn-devel-144
commit 4ae2fb2e7403191296f7c74f3098fbe121f0796a
Author: Mathieu Parent <math.parent at gmail.com>
Date: Fri Aug 24 06:51:04 2018 +0200
Relax GPGME version check
The current method require at least the same version as during the build. This is not needed.
Used symbols indicate the minimum is 1.2.0
Bug-Debian: http://bugs.debian.org/886333
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13880
Signed-off-by: Mathieu Parent <math.parent at gmail.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit ea3b4d6abc60863bff14fe676611569e1f6f8baa
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Wed Mar 27 13:52:37 2019 +1300
prefork tests: disable restart tests MIT
The prefork restart tests use the kdc to test restart back off. These
tests need to use a process that has not been restarted to ensure that
the process restart counters are sitting at 0 when the tests start.
As MIT kerberos is experimental the heimdal builds will still ensure
that this functionality is tested.
At some stage the echo server should be converted to run in pre-fork and
this process can then be used to test the restart backoff.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
-----------------------------------------------------------------------
Summary of changes:
selftest/skip_mit_kdc | 4 +
selftest/tests.py | 2 +
source4/dsdb/samdb/ldb_modules/password_hash.c | 12 +-
source4/dsdb/schema/schema_syntax.c | 6 +-
source4/utils/oLschema2ldif/lib.c | 23 ++-
source4/utils/oLschema2ldif/test.c | 206 +++++++++++++++++++++++++
source4/utils/oLschema2ldif/wscript_build | 7 +
7 files changed, 254 insertions(+), 6 deletions(-)
create mode 100644 source4/utils/oLschema2ldif/test.c
Changeset truncated at 500 lines:
diff --git a/selftest/skip_mit_kdc b/selftest/skip_mit_kdc
index 4a51c98ea0b..bef52f50f86 100644
--- a/selftest/skip_mit_kdc
+++ b/selftest/skip_mit_kdc
@@ -3,3 +3,7 @@
.*RODC
^samba4.ntvfs.cifs.ntlm.base.unlink
^samba4.ntvfs.cifs.krb5.base.unlink
+#
+# We skip the pre-fork restart tests as they use the kdc process to test
+# restart back off
+^samba.tests.prefork_restart
diff --git a/selftest/tests.py b/selftest/tests.py
index 48c275c7793..01afdaea2d0 100644
--- a/selftest/tests.py
+++ b/selftest/tests.py
@@ -258,3 +258,5 @@ plantestsuite("samba.unittests.ntlm_check", "none",
[os.path.join(bindir(), "default/libcli/auth/test_ntlm_check")])
plantestsuite("samba.unittests.test_registry_regfio", "none",
[os.path.join(bindir(), "default/source3/test_registry_regfio")])
+plantestsuite("samba.unittests.test_oLschema2ldif", "none",
+ [os.path.join(bindir(), "default/source4/utils/oLschema2ldif/test_oLschema2ldif")])
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index a010d4b9026..e740de8fb4e 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -52,6 +52,14 @@
#ifdef ENABLE_GPGME
#undef class
#include <gpgme.h>
+
+/*
+ * 1.2.0 is what dpkg-shlibdeps generates, based on used symbols and
+ * libgpgme11.symbols
+ * https://salsa.debian.org/debian/gpgme/blob/debian/master/debian/libgpgme11.symbols
+ */
+
+#define MINIMUM_GPGME_VERSION "1.2.0"
#endif
/* If we have decided there is a reason to work on this request, then
@@ -4817,13 +4825,13 @@ int ldb_password_hash_module_init(const char *version)
* if none is active already. See:
* https://www.gnupg.org/documentation/manuals/gpgme/Signal-Handling.html#Signal-Handling
*/
- gversion = gpgme_check_version(GPGME_VERSION);
+ gversion = gpgme_check_version(MINIMUM_GPGME_VERSION);
if (gversion == NULL) {
fprintf(stderr, "%s() in %s version[%s]: "
"gpgme_check_version(%s) not available, "
"gpgme_check_version(NULL) => '%s'\n",
__func__, __FILE__, version,
- GPGME_VERSION, gpgme_check_version(NULL));
+ MINIMUM_GPGME_VERSION, gpgme_check_version(NULL));
return LDB_ERR_UNAVAILABLE;
}
#endif /* ENABLE_GPGME */
diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c
index b434b6b0a5f..a100f355052 100644
--- a/source4/dsdb/schema/schema_syntax.c
+++ b/source4/dsdb/schema/schema_syntax.c
@@ -2640,7 +2640,7 @@ static const struct dsdb_syntax dsdb_syntaxes[] = {
const struct dsdb_syntax *find_syntax_map_by_ad_oid(const char *ad_oid)
{
unsigned int i;
- for (i=0; dsdb_syntaxes[i].ldap_oid; i++) {
+ for (i=0; i < ARRAY_SIZE(dsdb_syntaxes); i++) {
if (strcasecmp(ad_oid, dsdb_syntaxes[i].attributeSyntax_oid) == 0) {
return &dsdb_syntaxes[i];
}
@@ -2651,7 +2651,7 @@ const struct dsdb_syntax *find_syntax_map_by_ad_oid(const char *ad_oid)
const struct dsdb_syntax *find_syntax_map_by_ad_syntax(int oMSyntax)
{
unsigned int i;
- for (i=0; dsdb_syntaxes[i].ldap_oid; i++) {
+ for (i=0; i < ARRAY_SIZE(dsdb_syntaxes); i++) {
if (oMSyntax == dsdb_syntaxes[i].oMSyntax) {
return &dsdb_syntaxes[i];
}
@@ -2662,7 +2662,7 @@ const struct dsdb_syntax *find_syntax_map_by_ad_syntax(int oMSyntax)
const struct dsdb_syntax *find_syntax_map_by_standard_oid(const char *standard_oid)
{
unsigned int i;
- for (i=0; dsdb_syntaxes[i].ldap_oid; i++) {
+ for (i=0; i < ARRAY_SIZE(dsdb_syntaxes); i++) {
if (strcasecmp(standard_oid, dsdb_syntaxes[i].ldap_oid) == 0) {
return &dsdb_syntaxes[i];
}
diff --git a/source4/utils/oLschema2ldif/lib.c b/source4/utils/oLschema2ldif/lib.c
index 8c85ce85a7c..feda4674eb0 100644
--- a/source4/utils/oLschema2ldif/lib.c
+++ b/source4/utils/oLschema2ldif/lib.c
@@ -121,7 +121,9 @@ static char *get_def_value(TALLOC_CTX *ctx, char **string)
n = strcspn(c, "\'");
value = talloc_strndup(ctx, c, n);
c += n;
- c++; /* skip closing \' */
+ if (*c != '\0') {
+ c++; /* skip closing \' */
+ }
} else {
n = strcspn(c, " \t\n");
value = talloc_strndup(ctx, c, n);
@@ -177,6 +179,10 @@ static struct schema_token *get_next_schema_token(TALLOC_CTX *ctx, char **string
n = strcspn(c, ")");
token->value = talloc_strndup(ctx, c, n);
c += n;
+ if (*c == '\0') {
+ talloc_free(token->value);
+ return NULL;
+ }
c++;
} else {
token->value = get_def_value(ctx, &c);
@@ -217,6 +223,10 @@ static struct schema_token *get_next_schema_token(TALLOC_CTX *ctx, char **string
n = strcspn(c, ")");
token->value = talloc_strndup(ctx, c, n);
c += n;
+ if (*c == '\0') {
+ talloc_free(token->value);
+ return NULL;
+ }
c++;
} else {
token->value = get_def_value(ctx, &c);
@@ -236,6 +246,10 @@ static struct schema_token *get_next_schema_token(TALLOC_CTX *ctx, char **string
n = strcspn(c, ")");
token->value = talloc_strndup(ctx, c, n);
c += n;
+ if (*c == '\0') {
+ talloc_free(token->value);
+ return NULL;
+ }
c++;
} else {
token->value = get_def_value(ctx, &c);
@@ -316,6 +330,9 @@ static struct schema_token *get_next_schema_token(TALLOC_CTX *ctx, char **string
}
if (*c == '\'') {
c = strchr(++c, '\'');
+ if (c == NULL || *c == '\0') {
+ return NULL;
+ }
c++;
} else {
c += strcspn(c, " \t\n");
@@ -486,12 +503,16 @@ static struct ldb_message *process_entry(TALLOC_CTX *mem_ctx, struct conv_option
default:
fprintf(stderr, "Unknown Definition: %s\n", token->value);
+ goto failed;
}
}
if (isAttribute) {
MSG_ADD_STRING("isSingleValued", single_valued ? "TRUE" : "FALSE");
} else {
+ if (msg->dn == NULL) {
+ goto failed;
+ }
MSG_ADD_STRING("defaultObjectCategory", ldb_dn_get_linearized(msg->dn));
}
diff --git a/source4/utils/oLschema2ldif/test.c b/source4/utils/oLschema2ldif/test.c
new file mode 100644
index 00000000000..6748ce08c33
--- /dev/null
+++ b/source4/utils/oLschema2ldif/test.c
@@ -0,0 +1,206 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * Copyright (C) 2019 Michael Hanselmann <public at hansmi.ch>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include "includes.h"
+#include "./lib.h"
+
+struct test_ctx {
+};
+
+static int setup_context(void **state)
+{
+ struct test_ctx *test_ctx;
+
+ test_ctx = talloc_zero(NULL, struct test_ctx);
+ assert_non_null(test_ctx);
+
+ *state = test_ctx;
+
+ return 0;
+}
+
+static int teardown_context(void **state)
+{
+ struct test_ctx *test_ctx =
+ talloc_get_type_abort(*state, struct test_ctx);
+
+ talloc_free(test_ctx);
+
+ return 0;
+}
+
+static struct schema_conv process_data_blob(void **state, DATA_BLOB input)
+{
+ struct test_ctx *test_ctx =
+ talloc_get_type_abort(*state, struct test_ctx);
+ struct conv_options opt;
+ struct schema_conv ret;
+
+ assert_non_null(test_ctx);
+ assert_non_null(input.data);
+
+ opt.in = fmemopen(input.data, input.length, "r");
+ opt.out = fopen("/dev/null", "w");
+ opt.ldb_ctx = ldb_init(test_ctx, NULL);
+
+ assert_non_null(opt.in);
+ assert_non_null(opt.out);
+ assert_non_null(opt.ldb_ctx);
+
+ opt.basedn = ldb_dn_new(test_ctx, opt.ldb_ctx, "");
+
+ assert_non_null(opt.basedn);
+
+ ret = process_file(test_ctx, &opt);
+
+ fclose(opt.in);
+ fclose(opt.out);
+
+ return ret;
+}
+
+static void test_unknown_syntax_oid(void **state)
+{
+ struct schema_conv ret;
+
+ ret = process_data_blob(state, data_blob_string_const(
+ "attributetype ( 999.555.999.555.999\n"
+ "NAME 'mailLocalAddress'\n"
+ "DESC 'RFC822 email address of this recipient'\n"
+ "EQUALITY caseIgnoreIA5Match\n"
+ "SYNTAX 999.555.999.555.999{256} )\n"
+ ));
+
+ assert_int_equal(ret.count, 1);
+ assert_int_equal(ret.failures, 1);
+}
+
+static void test_unterminated_token_value(void **state)
+{
+ struct schema_conv ret;
+
+ ret = process_data_blob(state, data_blob_string_const(
+ "attributetype ( 2.16.840.1.113730.3.1.47\n"
+ "\tNAME 'mailRoutingAX 1.3.6.1.4.1.1466.115.121.1.26{256}\n"
+ "\tSI GLE-VALUE )\n"
+ ));
+
+ assert_int_equal(ret.count, 1);
+ assert_int_equal(ret.failures, 1);
+}
+
+static void test_unterminated_must_value(void **state)
+{
+ struct schema_conv ret;
+
+ ret = process_data_blob(state, data_blob_string_const(
+ "attributetype ( 1\n"
+ "\tSYNTAX 1./)# MUST ( foobar $\n"
+ ));
+
+ assert_int_equal(ret.count, 1);
+ assert_int_equal(ret.failures, 1);
+}
+
+static void test_unterminated_may_value(void **state)
+{
+ struct schema_conv ret;
+
+ ret = process_data_blob(state, data_blob_string_const(
+ "attributetype ( 1\n"
+ "\tSYNTAX 1.3.6.1.4.1.1466.115.121.1./)# MAY ( javaClassNames $\n"
+ ));
+
+ assert_int_equal(ret.count, 1);
+ assert_int_equal(ret.failures, 1);
+}
+
+static void test_unterminated_sup_value(void **state)
+{
+ struct schema_conv ret;
+
+ ret = process_data_blob(state, data_blob_string_const(
+ "attributetype ( 1\n"
+ "\tSYNTAX 1./)# SUP ( foobar $\n"
+ ));
+
+ assert_int_equal(ret.count, 1);
+ assert_int_equal(ret.failures, 1);
+}
+
+static void test_unknown_token(void **state)
+{
+ struct schema_conv ret;
+
+ ret = process_data_blob(state, data_blob_string_const(
+ "attributetype ( 1\n"
+ "\tFOOBAR 123\n"
+ " )\n"
+ ));
+
+ assert_int_equal(ret.count, 1);
+ assert_int_equal(ret.failures, 1);
+}
+
+static void test_missing_name(void **state)
+{
+ struct schema_conv ret;
+
+ ret = process_data_blob(state, data_blob_string_const(
+ "objectclass ( 1.3.6.3.6.1.4.1.1466.115.121.1.26{256} )"
+ ));
+
+ assert_int_equal(ret.count, 1);
+ assert_int_equal(ret.failures, 1);
+}
+
+int main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(test_unknown_syntax_oid,
+ setup_context,
+ teardown_context),
+ cmocka_unit_test_setup_teardown(test_unterminated_token_value,
+ setup_context,
+ teardown_context),
+ cmocka_unit_test_setup_teardown(test_unterminated_must_value,
+ setup_context,
+ teardown_context),
+ cmocka_unit_test_setup_teardown(test_unterminated_may_value,
+ setup_context,
+ teardown_context),
+ cmocka_unit_test_setup_teardown(test_unterminated_sup_value,
+ setup_context,
+ teardown_context),
+ cmocka_unit_test_setup_teardown(test_unknown_token,
+ setup_context,
+ teardown_context),
+ cmocka_unit_test_setup_teardown(test_missing_name,
+ setup_context,
+ teardown_context),
+ };
+
+ cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+
+ return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/source4/utils/oLschema2ldif/wscript_build b/source4/utils/oLschema2ldif/wscript_build
index 5e87b7a385f..527c99dc2f2 100644
--- a/source4/utils/oLschema2ldif/wscript_build
+++ b/source4/utils/oLschema2ldif/wscript_build
@@ -10,3 +10,10 @@ bld.SAMBA_BINARY('oLschema2ldif',
manpages='oLschema2ldif.1',
deps='oLschema2ldif-lib POPT_SAMBA',
)
+
+bld.SAMBA_BINARY('test_oLschema2ldif',
+ source='test.c',
+ deps='cmocka oLschema2ldif-lib',
+ local_include=False,
+ install=False,
+ )
--
Samba Shared Repository
More information about the samba-cvs
mailing list