[SCM] Samba Shared Repository - branch v4-10-test updated

Stefan Metzmacher metze at samba.org
Tue Feb 26 15:10:01 UTC 2019


The branch, v4-10-test has been updated
       via  97fcdfb58a7 CVE-2019-3824 ldb: version 1.5.4
       via  21a44989274 CVE-2019-3824 ldb: Add tests for ldb_wildcard_match
       via  aecd14f8bdc CVE-2019-3824 ldb: wildcard_match end of data check
       via  41fd2cde0c7 CVE-2019-3824 ldb: wildcard_match check tree operation
       via  9a0ace32390 CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero
       via  4cd0abe3c70 CVE-2019-3824 ldb: Improve code style and layout in wildcard processing
       via  e9afae48efa CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing
       via  aa13a46221a CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare
       via  bfa9353ce1d ldb: The test api.py should not rely on order of entries in dict
       via  942822e7165 lib:ldb: Use correct C99 initializer for 'struct tm'
       via  d16b81cf586 lib:ldb: Use C99 initializer for tdb_logging_context
       via  7d0902c2a2b lib:ldb: Use C99 initializer for PyGetSetDef in pyldb
       via  0da2d830806 tevent: version 0.9.39
       via  f868654638a py_tevent: add_timer takes float argument
       via  6b125f6ce2d lib:tevent: Use correct C99 initializer for tevent_req
       via  7bc0d67e2f5 talloc: version 2.1.16
       via  dd2ec6de72d tdb: version 1.3.18
       via  0130b999d2a lib:tdb: Use C99 initializer for tdb_logging_context
       via  a5284f9ce32 lib:tdb: Use C99 initializer for tdb_header
       via  b6bb285d9a9 lib:tdb: Use C99 initializer for PyGetSetDef in pytdb
       via  50be2c58274 tdb: Fix compatibility of wscript with older python
       via  ba5a93c860a Search for location of waf script
      from  fb1d5988e30 buildtools/wafsamba: Avoid decode when using python2

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test


- Log -----------------------------------------------------------------
commit 97fcdfb58a751046541c370d68d6c52114fd702b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Feb 26 12:29:13 2019 +0100

    CVE-2019-3824 ldb: version 1.5.4
    
    * Fix standalone build of ldb.
    * C99 build fixes.
    * CVE-2019-3824 out of bounds read in wildcard compare (bug 13773)
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(v4-10-test): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(v4-10-test): Tue Feb 26 16:09:12 CET 2019 on sn-devel-144

commit 21a449892743994487f70dd67914f87cd83e4fc1
Author: Gary Lockyer <gary at catalyst.net.nz>
Date:   Tue Feb 19 10:24:38 2019 +1300

    CVE-2019-3824 ldb: Add tests for ldb_wildcard_match
    
    Add cmocka tests for ldb_wildcard_match.
    
    Running test_wildcard_match under valgrind reproduces
     CVE-2019-3824 out of bounds read in wildcard compare (bug 13773)
    
     valgrind --suppressions=lib/ldb/tests/ldb_match_test.valgrind\
              bin/ldb_match_test
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773
    
    Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 45b75db50f5c1a7c8c38af59a62fccee5401c845)

commit aecd14f8bdc00519c981f17d398df3054fcab9da
Author: Gary Lockyer <gary at catalyst.net.nz>
Date:   Tue Feb 19 10:26:56 2019 +1300

    CVE-2019-3824 ldb: wildcard_match end of data check
    
    ldb_handler_copy and ldb_val_dup over allocate by one and add a trailing '\0'
    to the data, to make them safe to use the C string functions on.
    
    However testing for the trailing '\0' is not the correct way to test for
    the end of a value, the length should be checked instead.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773
    
    Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 42f0f57eb819ce6b68a8c5b3b53123b83ec917e3)

commit 41fd2cde0c7e422381c7ae62296b1767feec9dcb
Author: Gary Lockyer <gary at catalyst.net.nz>
Date:   Tue Feb 19 10:26:25 2019 +1300

    CVE-2019-3824 ldb: wildcard_match check tree operation
    
    Check the operation type of the passed parse tree, and return
    LDB_INAPPROPRIATE_MATCH if the operation is not LDB_OP_SUBSTRING.
    
    A query of "attribute=*" gets parsed as LDB_OP_PRESENT, checking the
    operation and failing ldb_wildcard_match should help prevent confusion
    writing tests.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773
    
    Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 34383981a0c40860f71a4451ff8fd752e1b67666)

commit 9a0ace323908104b01840c4ff3e01376d20cb5c3
Author: Gary Lockyer <gary at catalyst.net.nz>
Date:   Tue Feb 19 10:25:24 2019 +1300

    CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero
    
    Initialise the created ldb_parse_tree with talloc_zero, this ensures
    that it is correctly initialised if inadvertently passed to a function
    expecting a different operation type.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773
    
    Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 8d34d172092f71baad0d777567e49aebfa07313d)

commit 4cd0abe3c709e4600fbd74da63a6647c7427c68b
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Feb 4 11:22:50 2019 +1300

    CVE-2019-3824 ldb: Improve code style and layout in wildcard processing
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
    (cherry picked from commit 9427806f7298d71bd7edfbdda7506ec63f15dda1)

commit e9afae48efa52579635aa7004f6c4a3a22dc57df
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Feb 4 11:22:34 2019 +1300

    CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
    (cherry picked from commit 745b99fc6b75db33cdb0a58df1a3f2a5063bc76e)

commit aa13a46221adc66c0abeeb9f70e3859b248085aa
Author: Lukas Slebodnik <lslebodn at fedoraproject.org>
Date:   Fri Jan 18 16:37:24 2019 +0100

    CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare
    
    There is valgrind error in few tests tests/test-generic.sh
     91 echo "Test wildcard match"
     92 $VALGRIND ldbadd $LDBDIR/tests/test-wildcard.ldif  || exit 1
     93 $VALGRIND ldbsearch '(cn=test*multi)'  || exit 1
     95 $VALGRIND ldbsearch '(cn=*test_multi)'  || exit 1
     97 $VALGRIND ldbsearch '(cn=test*multi*test*multi)'  || exit 1
    
    e.g.
      ==3098== Memcheck, a memory error detector
      ==3098== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
      ==3098== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
      ==3098== Command: ./bin/ldbsearch (cn=test*multi)
      ==3098==
      ==3098== Invalid read of size 1
      ==3098==    at 0x483CEE7: memchr (vg_replace_strmem.c:890)
      ==3098==    by 0x49A9073: memmem (in /usr/lib64/libc-2.28.9000.so)
      ==3098==    by 0x485DFE9: ldb_wildcard_compare (ldb_match.c:313)
      ==3098==    by 0x485DFE9: ldb_match_substring (ldb_match.c:360)
      ==3098==    by 0x485DFE9: ldb_match_message (ldb_match.c:572)
      ==3098==    by 0x558F8FA: search_func (ldb_kv_search.c:549)
      ==3098==    by 0x48C78CA: ??? (in /usr/lib64/libtdb.so.1.3.17)
      ==3098==    by 0x48C7A60: tdb_traverse_read (in /usr/lib64/libtdb.so.1.3.17)
      ==3098==    by 0x557B7C4: ltdb_traverse_fn (ldb_tdb.c:274)
      ==3098==    by 0x558FBFA: ldb_kv_search_full (ldb_kv_search.c:594)
      ==3098==    by 0x558FBFA: ldb_kv_search (ldb_kv_search.c:854)
      ==3098==    by 0x558E497: ldb_kv_callback (ldb_kv.c:1713)
      ==3098==    by 0x48FCD58: tevent_common_invoke_timer_handler (in /usr/lib64/libtevent.so.0.9.38)
      ==3098==    by 0x48FCEFD: tevent_common_loop_timer_delay (in /usr/lib64/libtevent.so.0.9.38)
      ==3098==    by 0x48FE14A: ??? (in /usr/lib64/libtevent.so.0.9.38)
      ==3098==  Address 0x4b4ab81 is 0 bytes after a block of size 129 alloc'd
      ==3098==    at 0x483880B: malloc (vg_replace_malloc.c:309)
      ==3098==    by 0x491048B: talloc_strndup (in /usr/lib64/libtalloc.so.2.1.15)
      ==3098==    by 0x48593CA: ldb_casefold_default (ldb_utf8.c:59)
      ==3098==    by 0x485F68D: ldb_handler_fold (attrib_handlers.c:64)
      ==3098==    by 0x485DB88: ldb_wildcard_compare (ldb_match.c:257)
      ==3098==    by 0x485DB88: ldb_match_substring (ldb_match.c:360)
      ==3098==    by 0x485DB88: ldb_match_message (ldb_match.c:572)
      ==3098==    by 0x558F8FA: search_func (ldb_kv_search.c:549)
      ==3098==    by 0x48C78CA: ??? (in /usr/lib64/libtdb.so.1.3.17)
      ==3098==    by 0x48C7A60: tdb_traverse_read (in /usr/lib64/libtdb.so.1.3.17)
      ==3098==    by 0x557B7C4: ltdb_traverse_fn (ldb_tdb.c:274)
      ==3098==    by 0x558FBFA: ldb_kv_search_full (ldb_kv_search.c:594)
      ==3098==    by 0x558FBFA: ldb_kv_search (ldb_kv_search.c:854)
      ==3098==    by 0x558E497: ldb_kv_callback (ldb_kv.c:1713)
      ==3098==    by 0x48FCD58: tevent_common_invoke_timer_handler (in /usr/lib64/libtevent.so.0.9.38)
      ==3098==
      # record 1
      dn: cn=test_multi_test_multi_test_multi,o=University of Michigan,c=TEST
      cn: test_multi_test_multi_test_multi
      description: test multi wildcards matching
      objectclass: person
      sn: multi_test
      name: test_multi_test_multi_test_multi
      distinguishedName: cn=test_multi_test_multi_test_multi,o=University of Michiga
       n,c=TEST
    
      # returned 1 records
      # 1 entries
      # 0 referrals
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773
    
    Signed-off-by: Lukas Slebodnik <lslebodn at fedoraproject.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
    (cherry picked from commit 3674b0891afb016c83763520b87e9f190dcfe884)

commit bfa9353ce1d2fa7925b0efa0baafb34fcc29bb65
Author: Lukas Slebodnik <lslebodn at fedoraproject.org>
Date:   Tue Jan 22 10:04:02 2019 +0100

    ldb: The test api.py should not rely on order of entries in dict
    
    Test failed on s390x but there is a simple reproducer for any
    architecture.
    
    The built-in function repr returns the canonical string representation
    of the object. We needn't care about order attributes in string
    representation. Therefore test should pass for any order.
    
        for i in {1..30}; do
            PYTHONHASHSEED=random \
            python2 -c 'import ldb; msg = ldb.Message(); msg.dn = ldb.Dn(ldb.Ldb(), "dc=foo29"); msg["dc"] = b"foo"; print(repr(msg)) '
        done
    
      ======================================================================
      FAIL: test_repr (__main__.LdbMsgTests)
      ----------------------------------------------------------------------
      Traceback (most recent call last):
        File "tests/python/api.py", line 2322, in test_repr
          "Message({'dn': Dn('dc=foo29'), 'dc': MessageElement(['foo'])})")
      AssertionError: "Message({'dc': MessageElement(['foo']), 'dn': Dn('dc=foo29')})" != "Message({'dn': Dn('dc=foo29'), 'dc': MessageElement(['foo'])})"
      ----------------------------------------------------------------------
      Ran 1025 tests in 29.146s
      FAILED (failures=1)
    
    Signed-off-by: Lukas Slebodnik <lslebodn at fedoraproject.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit 7a7a5ccf501f89c530970bde072509ed86d7bd89)

commit 942822e7165565d9e9d462a7babb277c023bc2b5
Author: Andreas Schneider <asn at samba.org>
Date:   Mon Jan 14 12:10:34 2019 +0100

    lib:ldb: Use correct C99 initializer for 'struct tm'
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit 146ed0894e640fe1791f75fa8f50167b6cdfc06e)

commit d16b81cf5865b983905653383ff6de14b00b698d
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Dec 13 11:35:25 2018 +0100

    lib:ldb: Use C99 initializer for tdb_logging_context
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit 3cd5d4b39713559d2f88e21a24f8190fe9ce075c)

commit 7d0902c2a2bba7fc290d963cb771173adf8b5715
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Dec 13 11:34:37 2018 +0100

    lib:ldb: Use C99 initializer for PyGetSetDef in pyldb
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit 85a5dc56e34298a60d7ef96f4178ccff20d40c82)

commit 0da2d830806da2ae092d9a094820861ffd3254a0
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Feb 26 10:19:44 2019 +0100

    tevent: version 0.9.39
    
    * py_tevent: add_timer takes float argument
    * C99 build fixes.
    * Fix standalone build of tevent.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit db58a50296041ca57675daee15caea8850f1d3f8)

commit f868654638a32afcb4bfb9b03b4dc87f37f323b0
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Thu Feb 7 17:00:28 2019 +1300

    py_tevent: add_timer takes float argument
    
    We were already using it that way.
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Noel Power <npower at samba.org>
    (cherry picked from commit 8294e68a4175e6116b38869866c42a1b7ba55b6a)

commit 6b125f6ce2dc2f095fa8842be0790e82656de796
Author: Andreas Schneider <asn at samba.org>
Date:   Mon Jan 14 11:59:59 2019 +0100

    lib:tevent: Use correct C99 initializer for tevent_req
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit 0da2e9c215f882ea4c331ac4f17738913beb7404)

commit 7bc0d67e2f536d3eb2495462657a28947bbbf267
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Feb 26 10:19:44 2019 +0100

    talloc: version 2.1.16
    
    * Fix standalone build of talloc.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit 3fe1551b5347934a20b9161a23e6a16220c3aeb6)

commit dd2ec6de72d9fc0b82425576f19ad17efad39b03
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Feb 26 10:19:44 2019 +0100

    tdb: version 1.3.18
    
    * Fix build problems with older python versions.
    * C99 build fixes.
    * Fix standalone build of tdb.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit f0d26dd1816f35a00abf52b640f42547ffdfa01b)

commit 0130b999d2aacdcfbc7115e3367cdad5b2395178
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Dec 13 11:24:12 2018 +0100

    lib:tdb: Use C99 initializer for tdb_logging_context
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit 47b57a2fc87664366099913305dd8d3783734a1a)

commit a5284f9ce32ce3ce930ebf920a63a99a602d028e
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Dec 12 21:26:35 2018 +0100

    lib:tdb: Use C99 initializer for tdb_header
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit a1ce666d68745a9bc65bd2709c581ed5105f656d)

commit b6bb285d9a9b18fd668659936803f1be4a34f948
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Dec 13 11:29:09 2018 +0100

    lib:tdb: Use C99 initializer for PyGetSetDef in pytdb
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit 651ee7f205f4a7e31c791f7bb235275816747463)

commit 50be2c5827482592ee059c9f4000708250be19b0
Author: Lukas Slebodnik <lslebodn at fedoraproject.org>
Date:   Fri Jan 18 16:38:03 2019 +0100

    tdb: Fix compatibility of wscript with older python
    
    Traceback (most recent call last):
      File "tdb-1.3.17/third_party/waf/waflib/Scripting.py", line 158, in waf_entry_point
        run_commands()
      File "tdb-1.3.17/third_party/waf/waflib/Scripting.py", line 251, in run_commands
        ctx = run_command(cmd_name)
      File "tdb-1.3.17/third_party/waf/waflib/Scripting.py", line 235, in run_command
        ctx.execute()
      File "tdb-1.3.17/third_party/waf/waflib/Context.py", line 204, in execute
        self.recurse([os.path.dirname(g_module.root_path)])
      File "tdb-1.3.17/third_party/waf/waflib/Context.py", line 286, in recurse
        user_function(self)
      File "tdb-1.3.17/wscript", line 225, in testonly
        cmd = "BINDIR={} {}".format(blddir, sh_test)
    ValueError: zero length field name in format
    
    Signed-off-by: Lukas Slebodnik <lslebodn at fedoraproject.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Sun Jan 20 03:49:59 CET 2019 on sn-devel-144
    
    (cherry picked from commit 0628ca2a558871402f9a17cc7f7a0c69d857ae19)

commit ba5a93c860af07f2a3534513133702b53c6b63f8
Author: David Mulder <dmulder at suse.com>
Date:   Thu Feb 7 10:47:47 2019 -0700

    Search for location of waf script
    
    When calling make from the ldb, talloc, tdb, and
    tevent bundles, we need to first find the
    location of the waf script. Currently the build
    fails since it can't find waf.
    
    Fixes regression caused by a660b7f.
    
    Signed-off-by: David Mulder <dmulder at suse.com>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 8ecd7f756f0fafe5fd79dc4deb445883450c7cca)

-----------------------------------------------------------------------

Summary of changes:
 lib/ldb/ABI/{ldb-1.5.1.sigs => ldb-1.5.4.sigs}     |   0
 ...yldb-util-1.1.10.sigs => pyldb-util-1.5.4.sigs} |   0
 ...-util-1.1.10.sigs => pyldb-util.py3-1.5.4.sigs} |   0
 lib/ldb/Makefile                                   |   3 +-
 lib/ldb/common/ldb_match.c                         |  41 ++++-
 lib/ldb/common/ldb_msg.c                           |   6 +-
 lib/ldb/common/ldb_parse.c                         |   2 +-
 lib/ldb/pyldb.c                                    |  62 +++++--
 lib/ldb/tests/ldb_match_test.c                     | 191 +++++++++++++++++++++
 lib/ldb/tests/ldb_match_test.valgrind              |  16 ++
 lib/ldb/tests/python/api.py                        |  14 +-
 lib/ldb/tools/ldbdump.c                            |   4 +-
 lib/ldb/wscript                                    |  10 +-
 ...-util-2.1.10.sigs => pytalloc-util-2.1.16.sigs} |   0
 ...3-2.1.10.sigs => pytalloc-util.py3-2.1.16.sigs} |   0
 .../ABI/{talloc-2.1.10.sigs => talloc-2.1.16.sigs} |   0
 lib/talloc/Makefile                                |   3 +-
 lib/talloc/wscript                                 |   2 +-
 lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.3.18.sigs}   |   0
 lib/tdb/Makefile                                   |   3 +-
 lib/tdb/common/open.c                              |   4 +-
 lib/tdb/pytdb.c                                    |  52 ++++--
 lib/tdb/tools/tdbdump.c                            |   4 +-
 lib/tdb/wscript                                    |   4 +-
 .../ABI/{tevent-0.9.37.sigs => tevent-0.9.39.sigs} |   0
 lib/tevent/Makefile                                |   3 +-
 lib/tevent/pytevent.c                              |   8 +-
 lib/tevent/tevent_req.c                            |  10 +-
 lib/tevent/wscript                                 |   2 +-
 29 files changed, 377 insertions(+), 67 deletions(-)
 copy lib/ldb/ABI/{ldb-1.5.1.sigs => ldb-1.5.4.sigs} (100%)
 copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.5.4.sigs} (100%)
 copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util.py3-1.5.4.sigs} (100%)
 create mode 100644 lib/ldb/tests/ldb_match_test.c
 create mode 100644 lib/ldb/tests/ldb_match_test.valgrind
 copy lib/talloc/ABI/{pytalloc-util-2.1.10.sigs => pytalloc-util-2.1.16.sigs} (100%)
 copy lib/talloc/ABI/{pytalloc-util.py3-2.1.10.sigs => pytalloc-util.py3-2.1.16.sigs} (100%)
 copy lib/talloc/ABI/{talloc-2.1.10.sigs => talloc-2.1.16.sigs} (100%)
 copy lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.3.18.sigs} (100%)
 copy lib/tevent/ABI/{tevent-0.9.37.sigs => tevent-0.9.39.sigs} (100%)


Changeset truncated at 500 lines:

diff --git a/lib/ldb/ABI/ldb-1.5.1.sigs b/lib/ldb/ABI/ldb-1.5.4.sigs
similarity index 100%
copy from lib/ldb/ABI/ldb-1.5.1.sigs
copy to lib/ldb/ABI/ldb-1.5.4.sigs
diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util-1.5.4.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs
copy to lib/ldb/ABI/pyldb-util-1.5.4.sigs
diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util.py3-1.5.4.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs
copy to lib/ldb/ABI/pyldb-util.py3-1.5.4.sigs
diff --git a/lib/ldb/Makefile b/lib/ldb/Makefile
index 18ef459eb16..b82723f35ed 100644
--- a/lib/ldb/Makefile
+++ b/lib/ldb/Makefile
@@ -1,6 +1,7 @@
 # simple makefile wrapper to run waf
 
-WAF_BINARY=$(PYTHON) ../../buildtools/bin/waf
+WAF_BIN=`PATH=buildtools/bin:../../buildtools/bin:$$PATH which waf`
+WAF_BINARY=$(PYTHON) $(WAF_BIN)
 WAF=PYTHONHASHSEED=1 WAF_MAKE=1 $(WAF_BINARY)
 
 all:
diff --git a/lib/ldb/common/ldb_match.c b/lib/ldb/common/ldb_match.c
index 25fe3f9c21b..829afa77e71 100644
--- a/lib/ldb/common/ldb_match.c
+++ b/lib/ldb/common/ldb_match.c
@@ -244,6 +244,11 @@ static int ldb_wildcard_compare(struct ldb_context *ldb,
 	uint8_t *save_p = NULL;
 	unsigned int c = 0;
 
+	if (tree->operation != LDB_OP_SUBSTRING) {
+		*matched = false;
+		return LDB_ERR_INAPPROPRIATE_MATCHING;
+	}
+
 	a = ldb_schema_attribute_by_name(ldb, tree->u.substring.attr);
 	if (!a) {
 		return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
@@ -306,14 +311,38 @@ static int ldb_wildcard_compare(struct ldb_context *ldb,
 		p = memmem((const void *)val.data,val.length,
 			   (const void *)cnk.data, cnk.length);
 		if (p == NULL) goto mismatch;
+
+		/*
+		 * At this point we know cnk.length <= val.length as
+		 * otherwise there could be no match
+		 */
+
 		if ( (! tree->u.substring.chunks[c + 1]) && (! tree->u.substring.end_with_wildcard) ) {
 			uint8_t *g;
+			uint8_t *end = val.data + val.length;
 			do { /* greedy */
-				g = memmem(p + cnk.length,
-					val.length - (p - val.data),
-					(const uint8_t *)cnk.data,
-					cnk.length);
-				if (g) p = g;
+
+				/*
+				 * haystack is a valid pointer in val
+				 * because the memmem() can only
+				 * succeed if the needle (cnk.length)
+				 * is <= haystacklen
+				 *
+				 * p will be a pointer at least
+				 * cnk.length from the end of haystack
+				 */
+				uint8_t *haystack
+					= p + cnk.length;
+				size_t haystacklen
+					= end - (haystack);
+
+				g = memmem(haystack,
+					   haystacklen,
+					   (const uint8_t *)cnk.data,
+					   cnk.length);
+				if (g) {
+					p = g;
+				}
 			} while(g);
 		}
 		val.length = val.length - (p - (uint8_t *)(val.data)) - cnk.length;
@@ -324,7 +353,7 @@ static int ldb_wildcard_compare(struct ldb_context *ldb,
 	}
 
 	/* last chunk may not have reached end of string */
-	if ( (! tree->u.substring.end_with_wildcard) && (*(val.data) != 0) ) goto mismatch;
+	if ( (! tree->u.substring.end_with_wildcard) && (val.length != 0) ) goto mismatch;
 	talloc_free(save_p);
 	*matched = true;
 	return LDB_SUCCESS;
diff --git a/lib/ldb/common/ldb_msg.c b/lib/ldb/common/ldb_msg.c
index c2782db6fb2..b51e4b1059e 100644
--- a/lib/ldb/common/ldb_msg.c
+++ b/lib/ldb/common/ldb_msg.c
@@ -1303,8 +1303,10 @@ time_t ldb_string_to_time(const char *s)
 */
 int ldb_val_to_time(const struct ldb_val *v, time_t *t)
 {
-	char val[15] = {};
-	struct tm tm = {};
+	char val[15] = {0};
+	struct tm tm = {
+		.tm_year = 0,
+	};
 
 	if (v == NULL) {
 		return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
diff --git a/lib/ldb/common/ldb_parse.c b/lib/ldb/common/ldb_parse.c
index 5fa5a74afa9..db420091311 100644
--- a/lib/ldb/common/ldb_parse.c
+++ b/lib/ldb/common/ldb_parse.c
@@ -389,7 +389,7 @@ static struct ldb_parse_tree *ldb_parse_simple(TALLOC_CTX *mem_ctx, const char *
 	struct ldb_parse_tree *ret;
 	enum ldb_parse_op filtertype;
 
-	ret = talloc(mem_ctx, struct ldb_parse_tree);
+	ret = talloc_zero(mem_ctx, struct ldb_parse_tree);
 	if (!ret) {
 		errno = ENOMEM;
 		return NULL;
diff --git a/lib/ldb/pyldb.c b/lib/ldb/pyldb.c
index c98ce5d1b2b..b2cac8a3497 100644
--- a/lib/ldb/pyldb.c
+++ b/lib/ldb/pyldb.c
@@ -260,9 +260,16 @@ static PyObject *py_ldb_control_new(PyTypeObject *type, PyObject *args, PyObject
 }
 
 static PyGetSetDef py_ldb_control_getset[] = {
-	{ discard_const_p(char, "oid"), (getter)py_ldb_control_get_oid, NULL, NULL },
-	{ discard_const_p(char, "critical"), (getter)py_ldb_control_get_critical, (setter)py_ldb_control_set_critical, NULL },
-	{ NULL }
+	{
+		.name = discard_const_p(char, "oid"),
+		.get  = (getter)py_ldb_control_get_oid,
+	},
+	{
+		.name = discard_const_p(char, "critical"),
+		.get  = (getter)py_ldb_control_get_critical,
+		.set  = (setter)py_ldb_control_set_critical,
+	},
+	{ .name = NULL },
 };
 
 static PyTypeObject PyLdbControl = {
@@ -2367,8 +2374,11 @@ static PyObject *py_ldb_get_firstmodule(PyLdbObject *self, void *closure)
 }
 
 static PyGetSetDef py_ldb_getset[] = {
-	{ discard_const_p(char, "firstmodule"), (getter)py_ldb_get_firstmodule, NULL, NULL },
-	{ NULL }
+	{
+		.name = discard_const_p(char, "firstmodule"),
+		.get  = (getter)py_ldb_get_firstmodule,
+	},
+	{ .name = NULL },
 };
 
 static int py_ldb_contains(PyLdbObject *self, PyObject *obj)
@@ -2483,11 +2493,23 @@ static PyObject *py_ldb_result_get_count(PyLdbResultObject *self, void *closure)
 }
 
 static PyGetSetDef py_ldb_result_getset[] = {
-	{ discard_const_p(char, "controls"), (getter)py_ldb_result_get_controls, NULL, NULL },
-	{ discard_const_p(char, "msgs"), (getter)py_ldb_result_get_msgs, NULL, NULL },
-	{ discard_const_p(char, "referals"), (getter)py_ldb_result_get_referals, NULL, NULL },
-	{ discard_const_p(char, "count"), (getter)py_ldb_result_get_count, NULL, NULL },
-	{ NULL }
+	{
+		.name = discard_const_p(char, "controls"),
+		.get  = (getter)py_ldb_result_get_controls,
+	},
+	{
+		.name = discard_const_p(char, "msgs"),
+		.get  = (getter)py_ldb_result_get_msgs,
+	},
+	{
+		.name = discard_const_p(char, "referals"),
+		.get  = (getter)py_ldb_result_get_referals,
+	},
+	{
+		.name = discard_const_p(char, "count"),
+		.get  = (getter)py_ldb_result_get_count,
+	},
+	{ .name = NULL },
 };
 
 static PyObject *py_ldb_result_iter(PyLdbResultObject *self)
@@ -3241,8 +3263,11 @@ static PyObject *py_ldb_msg_element_get_text(PyObject *self, void *closure)
 }
 
 static PyGetSetDef py_ldb_msg_element_getset[] = {
-	{ discard_const_p(char, "text"), (getter)py_ldb_msg_element_get_text, NULL, NULL },
-	{ NULL }
+	{
+		.name = discard_const_p(char, "text"),
+		.get  = (getter)py_ldb_msg_element_get_text,
+	},
+	{ .name = NULL }
 };
 
 static PyTypeObject PyLdbMessageElement = {
@@ -3625,9 +3650,16 @@ static PyObject *py_ldb_msg_get_text(PyObject *self, void *closure)
 }
 
 static PyGetSetDef py_ldb_msg_getset[] = {
-	{ discard_const_p(char, "dn"), (getter)py_ldb_msg_get_dn, (setter)py_ldb_msg_set_dn, NULL },
-	{ discard_const_p(char, "text"), (getter)py_ldb_msg_get_text, NULL, NULL },
-	{ NULL }
+	{
+		.name = discard_const_p(char, "dn"),
+		.get  = (getter)py_ldb_msg_get_dn,
+		.set  = (setter)py_ldb_msg_set_dn,
+	},
+	{
+		.name = discard_const_p(char, "text"),
+		.get  = (getter)py_ldb_msg_get_text,
+	},
+	{ .name = NULL },
 };
 
 static PyObject *py_ldb_msg_repr(PyLdbMessageObject *self)
diff --git a/lib/ldb/tests/ldb_match_test.c b/lib/ldb/tests/ldb_match_test.c
new file mode 100644
index 00000000000..e09f50c86ba
--- /dev/null
+++ b/lib/ldb/tests/ldb_match_test.c
@@ -0,0 +1,191 @@
+/*
+ * Tests exercising the ldb match operations.
+ *
+ *
+ * Copyright (C) Catalyst.NET Ltd 2017
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+/*
+ * from cmocka.c:
+ * These headers or their equivalents should be included prior to
+ * including
+ * this header file.
+ *
+ * #include <stdarg.h>
+ * #include <stddef.h>
+ * #include <setjmp.h>
+ *
+ * This allows test applications to use custom definitions of C standard
+ * library functions and types.
+ */
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include "../common/ldb_match.c"
+
+#include "../include/ldb.h"
+
+struct ldbtest_ctx {
+	struct tevent_context *ev;
+	struct ldb_context *ldb;
+};
+
+static int ldb_test_canonicalise(
+	struct ldb_context *ldb,
+	void *mem_ctx,
+	const struct ldb_val *in,
+	struct ldb_val *out)
+{
+	out->length = in->length;
+	out->data = in->data;
+	return 0;
+}
+
+static int setup(void **state)
+{
+	struct ldbtest_ctx *test_ctx;
+	struct ldb_schema_syntax *syntax = NULL;
+	int ret;
+
+	test_ctx = talloc_zero(NULL, struct ldbtest_ctx);
+	assert_non_null(test_ctx);
+
+	test_ctx->ev = tevent_context_init(test_ctx);
+	assert_non_null(test_ctx->ev);
+
+	test_ctx->ldb = ldb_init(test_ctx, test_ctx->ev);
+	assert_non_null(test_ctx->ldb);
+
+	syntax = talloc_zero(test_ctx, struct ldb_schema_syntax);
+	assert_non_null(syntax);
+	syntax->canonicalise_fn = ldb_test_canonicalise;
+
+	ret = ldb_schema_attribute_add_with_syntax(
+	    test_ctx->ldb, "a", LDB_ATTR_FLAG_FIXED, syntax);
+	assert_int_equal(LDB_SUCCESS, ret);
+
+	*state = test_ctx;
+	return 0;
+}
+
+static int teardown(void **state)
+{
+	talloc_free(*state);
+	return 0;
+}
+
+
+/*
+ * The wild card pattern "attribute=*" is parsed as an LDB_OP_PRESENT operation
+ * rather than a LDB_OP_????
+ *
+ * This test serves to document that behaviour, and to confirm that
+ * ldb_wildcard_compare handles this case appropriately.
+ */
+static void test_wildcard_match_star(void **state)
+{
+	struct ldbtest_ctx *ctx = *state;
+	bool matched = false;
+	int ret;
+
+	uint8_t value[] = "The value.......end";
+	struct ldb_val val = {
+		.data   = value,
+		.length = (sizeof(value))
+	};
+	struct ldb_parse_tree *tree = ldb_parse_tree(ctx, "a=*");
+	assert_non_null(tree);
+
+	ret = ldb_wildcard_compare(ctx->ldb, tree, val, &matched);
+	assert_false(matched);
+	assert_int_equal(LDB_ERR_INAPPROPRIATE_MATCHING, ret);
+}
+
+/*
+ * Test basic wild card matching
+ *
+ */
+static void test_wildcard_match(void **state)
+{
+	struct ldbtest_ctx *ctx = *state;
+	bool matched = false;
+
+	uint8_t value[] = "The value.......end";
+	struct ldb_val val = {
+		.data   = value,
+		.length = (sizeof(value))
+	};
+	struct ldb_parse_tree *tree = ldb_parse_tree(ctx, "objectClass=*end");
+	assert_non_null(tree);
+
+	ldb_wildcard_compare(ctx->ldb, tree, val, &matched);
+	assert_true(matched);
+}
+
+
+/*
+ * ldb_handler_copy and ldb_val_dup over allocate by one and add a trailing '\0'
+ * to the data, to make them safe to use the C string functions on.
+ *
+ * However testing for the trailing '\0' is not the correct way to test for
+ * the end of a value, the length should be checked instead.
+ */
+static void test_wildcard_match_end_condition(void **state)
+{
+	struct ldbtest_ctx *ctx = *state;
+	bool matched = false;
+
+	uint8_t value[] = "hellomynameisbobx";
+	struct ldb_val val = {
+		.data   = talloc_memdup(NULL, value, sizeof(value)),
+		.length = (sizeof(value) - 2)
+	};
+	struct ldb_parse_tree *tree = ldb_parse_tree(ctx, "a=*hello*mynameis*bob");
+	assert_non_null(tree);
+
+	ldb_wildcard_compare(ctx->ldb, tree, val, &matched);
+	assert_true(matched);
+}
+
+/*
+ * Note: to run under valgrind use:
+ *       valgrind \
+ *           --suppressions=lib/ldb/tests/ldb_match_test.valgrind \
+ *           bin/ldb_match_test
+ */
+int main(int argc, const char **argv)
+{
+	const struct CMUnitTest tests[] = {
+		cmocka_unit_test_setup_teardown(
+			test_wildcard_match_star,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_wildcard_match,
+			setup,
+			teardown),
+		cmocka_unit_test_setup_teardown(
+			test_wildcard_match_end_condition,
+			setup,
+			teardown),
+	};
+
+	return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/lib/ldb/tests/ldb_match_test.valgrind b/lib/ldb/tests/ldb_match_test.valgrind
new file mode 100644
index 00000000000..660bd5a6b46
--- /dev/null
+++ b/lib/ldb/tests/ldb_match_test.valgrind
@@ -0,0 +1,16 @@
+{
+   Memory allocated in set-up
+   Memcheck:Leak
+   match-leak-kinds: possible
+   fun:malloc
+   ...
+   fun:setup
+}
+{
+   Memory allocated by ldb_init
+   Memcheck:Leak
+   match-leak-kinds: possible
+   fun:malloc
+   ...
+   fun:ldb_init
+}
diff --git a/lib/ldb/tests/python/api.py b/lib/ldb/tests/python/api.py
index 1d9f33f8f73..e8826b5af3b 100755
--- a/lib/ldb/tests/python/api.py
+++ b/lib/ldb/tests/python/api.py
@@ -2317,12 +2317,14 @@ class LdbMsgTests(TestCase):
                 "Message({'dc': MessageElement([b'foo']), 'dn': Dn('dc=foo29')}).text",
             ])
         else:
-            self.assertEqual(
-                repr(self.msg),
-                "Message({'dn': Dn('dc=foo29'), 'dc': MessageElement(['foo'])})")
-            self.assertEqual(
-                repr(self.msg.text),
-                "Message({'dn': Dn('dc=foo29'), 'dc': MessageElement(['foo'])}).text")
+            self.assertIn(repr(self.msg), [
+                "Message({'dn': Dn('dc=foo29'), 'dc': MessageElement(['foo'])})",
+                "Message({'dc': MessageElement(['foo']), 'dn': Dn('dc=foo29')})",
+            ])
+            self.assertIn(repr(self.msg.text), [
+                "Message({'dn': Dn('dc=foo29'), 'dc': MessageElement(['foo'])}).text",
+                "Message({'dc': MessageElement(['foo']), 'dn': Dn('dc=foo29')}).text",
+            ])
 
     def test_len(self):
         self.assertEqual(0, len(self.msg))
diff --git a/lib/ldb/tools/ldbdump.c b/lib/ldb/tools/ldbdump.c
index 4697661a59d..a466e4916db 100644
--- a/lib/ldb/tools/ldbdump.c
+++ b/lib/ldb/tools/ldbdump.c
@@ -157,7 +157,9 @@ static void emergency_walk(TDB_DATA key, TDB_DATA dbuf, void *keyname)
 static int dump_tdb(const char *fname, struct ldb_dn *dn, bool emergency)
 {
 	TDB_CONTEXT *tdb;
-	struct tdb_logging_context logfn = { log_stderr };
+	struct tdb_logging_context logfn = {
+		.log_fn = log_stderr,
+	};
 
 	tdb = tdb_open_ex(fname, 0, 0, O_RDONLY, 0, &logfn, NULL);
 	if (!tdb) {
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index 855ee4d556c..d3402a7b5b2 100644
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 APPNAME = 'ldb'
-VERSION = '1.5.3'
+VERSION = '1.5.4'
 
 import sys, os
 
@@ -511,6 +511,11 @@ def build(bld):
                          deps='cmocka ldb',
                          install=False)


-- 
Samba Shared Repository



More information about the samba-cvs mailing list