[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Wed Apr 7 03:17:01 UTC 2021
The branch, master has been updated
via 24ddc1ca9ca ldb/attrib_handler casefold: simplify space dropping
via 2b2f4f51945 ldb: fix ldb_comparison_fold off-by-one overrun
via ff1c3af603b build: Only add -Wl,--as-needed when supported
from 4d3b6506d30 librpc: Remove the gensec dependency from library dcerpc-binding
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 24ddc1ca9cad95673bdd8023d99867707b37085f
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Tue Dec 8 22:00:55 2020 +1300
ldb/attrib_handler casefold: simplify space dropping
As seen in CVE-2021-20277, ldb_handler_fold() has been making mistakes
when collapsing spaces down to a single space.
This patch fixes the way it handles internal spaces (CVE-2021-20277
was about leading spaces), and involves a rewrite of the parsing loop.
The bug has a detailed description of the problem.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14656
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Apr 7 03:16:39 UTC 2021 on sn-devel-184
commit 2b2f4f519454beb6f2a46705675a62274019fc09
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Sat Mar 6 16:05:15 2021 +1300
ldb: fix ldb_comparison_fold off-by-one overrun
We run one character over in comparing all the bytes in two ldb_vals.
In almost all circumstances both ldb_vals would have an allocated '\0'
in the overrun position, but it is best not to rely on that.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ff1c3af603b47a7e8f9faad8d1c2e4a489559155
Author: Martin Schwenke <martin at meltin.net>
Date: Mon Mar 29 16:30:37 2021 +1100
build: Only add -Wl,--as-needed when supported
If -Wl,--as-needed is added to EXTRA_LDFLAGS (via ADD_LDFLAGS, as per
commit 996560191ac6bd603901dcd6c0de5d239e019ef4) then on some
platforms (at least CentOS 8 and Fedora 33), any indirect/recursive
dependencies (i.e. private libraries) are added to both the
binary (reqid_test in the CTDB case) and to samba-util.so. However,
only samba-util.so has rpath set to find private libraries.
When ld.so tries to resolve these dependencies for the binary it
fails. This may be a bug on those platforms, but it occurs reliably
and our users will also hit the bug. For binaries that have other
private library dependencies (e.g. bundled talloc) rpath will contain
the private library directory so the duplicate private library
dependencies are then found... that is, when it works, it works by
accident!
For some reason (deep in waf or wafsamba) if -Wl,--as-needed is added to
LINKFLAGS (as is done in conf.add_as_needed()) then it works: the direct
dependencies are only added to samba-util.so and the same depenencies
(indirect dependencies for binaries) are not added incorrectly to the
binaries.
So, without changing 1/2 of waf/wafsamba the simplest fix is to revert
to adding -Wl,--as-needed to LINKFLAGS, which was the case before
commit 996560191ac6bd603901dcd6c0de5d239e019ef4.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14288
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Bjoern Jacke <bj at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/ldb/common/attrib_handlers.c | 57 +++++++++++++++++++---------------------
lib/ldb/tests/ldb_match_test.c | 2 ++
wscript | 4 +--
3 files changed, 31 insertions(+), 32 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/ldb/common/attrib_handlers.c b/lib/ldb/common/attrib_handlers.c
index 81a74584bcb..febf2f414ca 100644
--- a/lib/ldb/common/attrib_handlers.c
+++ b/lib/ldb/common/attrib_handlers.c
@@ -54,8 +54,8 @@ int ldb_handler_copy(struct ldb_context *ldb, void *mem_ctx,
int ldb_handler_fold(struct ldb_context *ldb, void *mem_ctx,
const struct ldb_val *in, struct ldb_val *out)
{
- char *s, *t;
- size_t l;
+ char *s, *t, *start;
+ bool in_space;
if (!in || !out || !(in->data)) {
return -1;
@@ -67,36 +67,33 @@ int ldb_handler_fold(struct ldb_context *ldb, void *mem_ctx,
return -1;
}
- s = (char *)(out->data);
-
- /* remove trailing spaces if any */
- l = strlen(s);
- while (l > 0 && s[l - 1] == ' ') l--;
- s[l] = '\0';
-
- /* remove leading spaces if any */
- if (*s == ' ') {
- for (t = s; *s == ' '; s++, l--) ;
-
- /* remove leading spaces by moving down the string */
- memmove(t, s, l);
-
- s = t;
+ start = (char *)(out->data);
+ in_space = true;
+ t = start;
+ for (s = start; *s != '\0'; s++) {
+ if (*s == ' ') {
+ if (in_space) {
+ /*
+ * We already have one (or this is the start)
+ * and we don't want to add more
+ */
+ continue;
+ }
+ in_space = true;
+ } else {
+ in_space = false;
+ }
+ *t = *s;
+ t++;
}
- /* check middle spaces */
- while ((t = strchr(s, ' ')) != NULL) {
- for (s = t; *s == ' '; s++) ;
-
- if ((s - t) > 1) {
- l = strlen(s);
-
- /* remove all spaces but one by moving down the string */
- memmove(t + 1, s, l);
- }
+ if (in_space && t != start) {
+ /* the loop will have left a single trailing space */
+ t--;
}
+ *t = '\0';
- out->length = strlen((char *)out->data);
+ out->length = t - start;
return 0;
}
@@ -335,8 +332,8 @@ int ldb_comparison_fold(struct ldb_context *ldb, void *mem_ctx,
if (toupper((unsigned char)*s1) != toupper((unsigned char)*s2))
break;
if (*s1 == ' ') {
- while (n1 && s1[0] == s1[1]) { s1++; n1--; }
- while (n2 && s2[0] == s2[1]) { s2++; n2--; }
+ while (n1 > 1 && s1[0] == s1[1]) { s1++; n1--; }
+ while (n2 > 1 && s2[0] == s2[1]) { s2++; n2--; }
}
s1++; s2++;
n1--; n2--;
diff --git a/lib/ldb/tests/ldb_match_test.c b/lib/ldb/tests/ldb_match_test.c
index ba6ea56be15..1bb56d072d9 100644
--- a/lib/ldb/tests/ldb_match_test.c
+++ b/lib/ldb/tests/ldb_match_test.c
@@ -183,6 +183,8 @@ static void test_wildcard_match(void **state)
struct wildcard_test tests[] = {
TEST_ENTRY(" 1 0", "1*0*", true, true),
TEST_ENTRY(" 1 0", "1 *0", true, true),
+ TEST_ENTRY(" 1 0", "*1 0", true, true),
+ TEST_ENTRY("1 0", "*1 0", true, true),
TEST_ENTRY("The value.......end", "*end", true, true),
TEST_ENTRY("The value.......end", "*fend", false, true),
TEST_ENTRY("The value.......end", "*eel", false, true),
diff --git a/wscript b/wscript
index 9c501e9441f..dc547b44aa4 100644
--- a/wscript
+++ b/wscript
@@ -336,8 +336,8 @@ def configure(conf):
# allows us to find problems on our development hosts faster.
# It also results in faster load time.
- conf.ADD_LDFLAGS('-Wl,--as-needed', testflags=True)
-
+ if conf.CHECK_LDFLAGS('-Wl,--as-needed'):
+ conf.env.append_unique('LINKFLAGS', '-Wl,--as-needed')
if not conf.CHECK_NEED_LC("-lc not needed"):
conf.ADD_LDFLAGS('-lc', testflags=False)
--
Samba Shared Repository
More information about the samba-cvs
mailing list