[SCM] Samba Shared Repository - branch v4-13-test updated

Stefan Metzmacher metze at samba.org
Tue Nov 2 22:42:01 UTC 2021


The branch, v4-13-test has been updated
       via  20ce74008b3 ldb: version 2.2.3
       via  767bafc50ae ldb_kv_index: fix empty initializer compile warning
       via  0dc05f591db ldb: Use hex_byte() in ldb_binary_decode()
       via  9ad6b86ccc9 lib: Add "hex_byte()" to replace.h
       via  8c29175f7fe ldb_controls: control_to_string avoids crash
       via  7dd52901904 lib:ldb-samba: Improve calculate_popt_array_length()
       via  68d736a73f1 lib:ldb: Use C99 initializers for builtin_popt_options[]
       via  5363e0340d7 pyldb: fix a typo
       via  bbc5373b872 ldb: improve comments for ldb_module_connect_backend()
       via  90729aed778 ldb: correct comments in attrib_handers val_to_int64
       via  1253ee80bd1 ldb.h: remove undefined async_ctx function signatures
       via  e96b3f7185a lib:ldb: Add missing break in switch statement
       via  933fbc8ca9e pyldb: Fix Message.items() for a message containing elements
       via  7e8d2bcca98 ldb_match: remove redundant check
       via  f2c0ab2daed pyldb: catch potential overflow error in py_timestring
       via  cb04bfc55a8 ldb: fix ldb_comparison_fold off-by-one overrun
       via  e431362a701 ldb_match: trailing chunk must match end of string
       via  0c32ab5f61a ldb/attrib_handler casefold: simplify space dropping
      from  6671c88157b VERSION: Bump version up to Samba 4.13.14...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test


- Log -----------------------------------------------------------------
commit 20ce74008b3347256139e3d10caef0fd6322f87f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Nov 2 15:19:31 2021 +0100

    ldb: version 2.2.3
    
    Backport all C code changes from ldb-2.4.1
    to be available for Samba 4.13.x
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(v4-13-test): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(v4-13-test): Tue Nov  2 22:41:39 UTC 2021 on sn-devel-184

commit 767bafc50aed115cab1eccd997cf4cc9758db8b1
Author: Björn Jacke <bj at sernet.de>
Date:   Mon Oct 19 02:39:46 2020 +0200

    ldb_kv_index: fix empty initializer compile warning
    
    Signed-off-by: Bjoern Jacke <bjacke at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit c862ad64aea31d1d5ec66385bb50d9b97e609071)

commit 0dc05f591db1cd137e85fcb0ebc1dfc7eb320aed
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Jan 4 13:55:01 2021 +0100

    ldb: Use hex_byte() in ldb_binary_decode()
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit b6a57c49c00a778f954aaf10db6ebe6dca8f5ae2)

commit 9ad6b86ccc9df76311e3e9f1908f815a292d1b6d
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Jan 4 13:12:30 2021 +0100

    lib: Add "hex_byte()" to replace.h
    
    This is required in quite a few places, and replace.h has things like
    ZERO_STRUCT already, so this is not completely outplaced.
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit c8d9ce3f7c8c486ab21e320a0adcb71311dcb453)

commit 8c29175f7fe10bbf37595cb2e5afd26a4617fd7a
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Fri Jul 24 12:41:29 2020 +1200

    ldb_controls: control_to_string avoids crash
    
    Otherwise a malformed control with unexpected NULL data will segfault
    ldb_control_to_string(), though this is not very likely to affect
    anyone in practice as converting controls to strings is rarely
    necessary. If it happens at all in Samba it is in Python code.
    
    Found by Honggfuzz using fuzz_ldb_parse_control.
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
    Autobuild-Date(master): Wed Jul 29 04:43:23 UTC 2020 on sn-devel-184
    
    (cherry picked from commit 2aace18f170644da9c293342a6df5e5b2ae8da25)

commit 7dd529019045949bcc5d7fbb49322868bfda52c7
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Dec 17 19:16:13 2020 +0100

    lib:ldb-samba: Improve calculate_popt_array_length()
    
    Note that memcmp() doesn't work well with padding bytes. So avoid it!
    
    (gdb) ptype/o struct poptOption
    /* offset    |  size */  type = struct poptOption {
    /*    0      |     8 */    const char *longName;
    /*    8      |     1 */    char shortName;
    /* XXX  3-byte hole  */
    /*   12      |     4 */    unsigned int argInfo;
    /*   16      |     8 */    void *arg;
    /*   24      |     4 */    int val;
    /* XXX  4-byte hole  */
    /*   32      |     8 */    const char *descrip;
    /*   40      |     8 */    const char *argDescrip;
    
                               /* total size (bytes):   48 */
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit c2c7c1f50a8acb3169e19ba4329aa78839b66def)

commit 68d736a73f175c949ae19a15228b7e5e4d90a610
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Dec 17 11:56:08 2020 +0100

    lib:ldb: Use C99 initializers for builtin_popt_options[]
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit a593065c7f22e17434f33d0132cc6a7073acf414)

commit 5363e0340d74666e29f2c367e24e1035f5279a9b
Author: Björn Baumbach <bb at sernet.de>
Date:   Mon Jan 18 16:48:21 2021 +0100

    pyldb: fix a typo
    
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Rowland penny <rpenny at samba.org>
    (cherry picked from commit 6fcde09f093db5d26c582a3c28531265f06b9fde)

commit bbc5373b87279a4a51f3de8ab10fe15680b34d56
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Fri Jan 29 13:49:02 2021 +1300

    ldb: improve comments for ldb_module_connect_backend()
    
    There is no flags argument.
    There are more URI forms.
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 48068a58df0313cd904f27e2c918ee10275ae373)

commit 90729aed778538478e1fdc19b6d11a3b1606ddee
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Sat Mar 6 09:57:44 2021 +1300

    ldb: correct comments in attrib_handers val_to_int64
    
    c.f. the identical static function in lib/ldb-samba/ldif_handlers.c
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 46e6f6ef8436df7e083f34556c25f66f65ea1ce5)

commit 1253ee80bd18bbd099872b26ea3603d2ef344808
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Sat Dec 19 11:43:56 2020 +1300

    ldb.h: remove undefined async_ctx function signatures
    
    These functions do not exist.
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 1a05b58edaf96e7da707f9ad0a237551dbe13eb5)

commit e96b3f7185a0b53e5dae0c4d57b453a88d9a326a
Author: Andreas Schneider <asn at samba.org>
Date:   Mon Feb 1 14:21:21 2021 +0100

    lib:ldb: Add missing break in switch statement
    
    error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 1ffacac547a8ce29c6696dda73991a8db7e34dfd)

commit 933fbc8ca9e9a77c1b7bc4f026a18223c01b39b2
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Fri May 28 14:15:43 2021 +1200

    pyldb: Fix Message.items() for a message containing elements
    
    Previously, message elements were being freed before the call to
    Py_BuildValue(), resulting in an exception being raised. Additionally,
    only the first element of the returned list was ever assigned to.
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit 3e4ec0a90a222c1cff4a91912afc703ca4cbbb0e)

commit 7e8d2bcca98d58464cb30d0e8c9f9bc9604ff202
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Mar 3 19:54:37 2021 +1300

    ldb_match: remove redundant check
    
    We already ensure the no-trailing-asterisk case ends at the end of the
    string.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Björn Jacke <bjacke at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit fa93339978040eab52b2722c1716028b48d8d084)

commit f2c0ab2daed7598a51e09dcae7c69c98fbae9682
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jan 19 16:53:55 2021 +0100

    pyldb: catch potential overflow error in py_timestring
    
    Pair-Programmed-With: Björn Baumbach <bb at sernet.de>
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 71e8b24b8a031de26b21539e36a60f459257d2fd)

commit cb04bfc55a8e4e370fc8d7865cb502ea788d6556
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Sat Mar 6 16:05:15 2021 +1300

    ldb: fix ldb_comparison_fold off-by-one overrun
    
    We run one character over in comparing all the bytes in two ldb_vals.
    
    In almost all circumstances both ldb_vals would have an allocated '\0'
    in the overrun position, but it is best not to rely on that.
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 2b2f4f519454beb6f2a46705675a62274019fc09)

commit e431362a70145caf587d5e28978a0ad4588326e0
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Mar 3 19:17:36 2021 +1300

    ldb_match: trailing chunk must match end of string
    
    A wildcard search is divided into chunks by the asterisks. While most
    chunks match the first suitable string, the last chunk matches the
    last possible string (unless there is a trailing asterisk, in which
    case this distinction is moot).
    
    We always knew this in our hearts, but we tried to do it in a funny
    complicated way that stepped through the string, comparing here and
    there, leading to CVE-2019-3824 and missed matches (bug 14044).
    
    With this patch, we just jump to the end of the string and compare it.
    As well as being correct, this should also improve performance, as the
    previous algorithm involved a quadratic loop of erroneous memmem()s.
    
    See https://tools.ietf.org/html/rfc4517
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Björn Jacke <bjacke at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit cc098f1cad04b2cfec4ddd6b2511cd5a600f31c6)

commit 0c32ab5f61af06061e6ba18dbe636f62da037f1f
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Tue Dec 8 22:00:55 2020 +1300

    ldb/attrib_handler casefold: simplify space dropping
    
    As seen in CVE-2021-20277, ldb_handler_fold() has been making mistakes
    when collapsing spaces down to a single space.
    
    This patch fixes the way it handles internal spaces (CVE-2021-20277
    was about leading spaces), and involves a rewrite of the parsing loop.
    
    The bug has a detailed description of the problem.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14656
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Wed Apr  7 03:16:39 UTC 2021 on sn-devel-184
    (cherry picked from commit  24ddc1ca9cad95673bdd8023d99867707b37085f)

-----------------------------------------------------------------------

Summary of changes:
 lib/ldb-samba/samba_extensions.c                   |  27 ++-
 lib/ldb/ABI/{ldb-2.0.5.sigs => ldb-2.2.3.sigs}     |   0
 ...pyldb-util-2.1.0.sigs => pyldb-util-2.2.3.sigs} |   0
 lib/ldb/common/attrib_handlers.c                   |  61 +++--
 lib/ldb/common/ldb_controls.c                      |  22 ++
 lib/ldb/common/ldb_match.c                         |  82 +++----
 lib/ldb/common/ldb_modules.c                       |  14 +-
 lib/ldb/common/ldb_msg.c                           |   1 +
 lib/ldb/common/ldb_parse.c                         |  27 +--
 lib/ldb/include/ldb.h                              |  12 -
 lib/ldb/ldb_key_value/ldb_kv_index.c               |   2 +-
 lib/ldb/ldb_map/ldb_map_inbound.c                  |   1 +
 lib/ldb/pyldb.c                                    |  13 +-
 lib/ldb/tests/ldb_match_test.c                     |   2 +
 lib/ldb/tests/python/api.py                        |  19 ++
 lib/ldb/tools/cmdline.c                            | 252 ++++++++++++++++++---
 lib/ldb/wscript                                    |   3 +-
 lib/replace/replace.h                              |  16 ++
 18 files changed, 398 insertions(+), 156 deletions(-)
 copy lib/ldb/ABI/{ldb-2.0.5.sigs => ldb-2.2.3.sigs} (100%)
 copy lib/ldb/ABI/{pyldb-util-2.1.0.sigs => pyldb-util-2.2.3.sigs} (100%)


Changeset truncated at 500 lines:

diff --git a/lib/ldb-samba/samba_extensions.c b/lib/ldb-samba/samba_extensions.c
index 65a4079ec97..60aa1a332b5 100644
--- a/lib/ldb-samba/samba_extensions.c
+++ b/lib/ldb-samba/samba_extensions.c
@@ -34,15 +34,32 @@
 #include "popt.h"
 
 
+static bool is_popt_table_end(const struct poptOption *o)
+{
+	if (o->longName == NULL &&
+	    o->shortName =='\0' &&
+	    o->arg == NULL) {
+		return true;
+	}
+
+	return false;
+}
 
 /*
   work out the length of a popt array
  */
-static unsigned calculate_popt_array_length(struct poptOption *opts)
+static size_t calculate_popt_array_length(struct poptOption *opts)
 {
-	unsigned i;
-	struct poptOption zero_opt = { 0 };
-	for (i=0; memcmp(&zero_opt, &opts[i], sizeof(zero_opt)) != 0; i++) ;
+	size_t i = 0;
+
+	for (i = 0; i < UINT32_MAX; i++) {
+		struct poptOption *o = &(opts[i]);
+
+		if (is_popt_table_end(o)) {
+			break;
+		}
+	}
+
 	return i;
 }
 
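Review bot: The `i < UINT32_MAX` bound in calculate_popt_array_length() does not protect against a table that lacks a terminator: the loop would read far past the end of the array long before reaching the bound, and if it ever did reach it the function would return UINT32_MAX as though it were a valid length. Either drop the bound and state in the comment that opts must end with an entry whose longName, shortName and arg are all empty, or take a caller-supplied maximum and fail explicitly. Smaller points: opts is never modified, so the parameter could be `const struct poptOption *` to match is_popt_table_end(), and `o->shortName =='\0'` is missing a space after `==`.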
@@ -61,7 +78,7 @@ static int extensions_hook(struct ldb_context *ldb, enum ldb_module_hook_type t)
 {
 	switch (t) {
 	case LDB_MODULE_HOOK_CMDLINE_OPTIONS: {
-		unsigned len1, len2;
+		size_t len1, len2;
 		struct poptOption **popt_options = ldb_module_popt_options(ldb);
 		struct poptOption *new_array;
 
diff --git a/lib/ldb/ABI/ldb-2.0.5.sigs b/lib/ldb/ABI/ldb-2.2.3.sigs
similarity index 100%
copy from lib/ldb/ABI/ldb-2.0.5.sigs
copy to lib/ldb/ABI/ldb-2.2.3.sigs
diff --git a/lib/ldb/ABI/pyldb-util-2.1.0.sigs b/lib/ldb/ABI/pyldb-util-2.2.3.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-2.1.0.sigs
copy to lib/ldb/ABI/pyldb-util-2.2.3.sigs
diff --git a/lib/ldb/common/attrib_handlers.c b/lib/ldb/common/attrib_handlers.c
index c6ef5ad477b..febf2f414ca 100644
--- a/lib/ldb/common/attrib_handlers.c
+++ b/lib/ldb/common/attrib_handlers.c
@@ -54,8 +54,8 @@ int ldb_handler_copy(struct ldb_context *ldb, void *mem_ctx,
 int ldb_handler_fold(struct ldb_context *ldb, void *mem_ctx,
 			    const struct ldb_val *in, struct ldb_val *out)
 {
-	char *s, *t;
-	size_t l;
+	char *s, *t, *start;
+	bool in_space;
 
 	if (!in || !out || !(in->data)) {
 		return -1;
@@ -67,40 +67,37 @@ int ldb_handler_fold(struct ldb_context *ldb, void *mem_ctx,
 		return -1;
 	}
 
-	s = (char *)(out->data);
-	
-	/* remove trailing spaces if any */
-	l = strlen(s);
-	while (l > 0 && s[l - 1] == ' ') l--;
-	s[l] = '\0';
-	
-	/* remove leading spaces if any */
-	if (*s == ' ') {
-		for (t = s; *s == ' '; s++, l--) ;
-
-		/* remove leading spaces by moving down the string */
-		memmove(t, s, l);
-
-		s = t;
+	start = (char *)(out->data);
+	in_space = true;
+	t = start;
+	for (s = start; *s != '\0'; s++) {
+		if (*s == ' ') {
+			if (in_space) {
+				/*
+				 * We already have one (or this is the start)
+				 * and we don't want to add more
+				 */
+				continue;
+			}
+			in_space = true;
+		} else {
+			in_space = false;
+		}
+		*t = *s;
+		t++;
 	}
 
-	/* check middle spaces */
-	while ((t = strchr(s, ' ')) != NULL) {
-		for (s = t; *s == ' '; s++) ;
-
-		if ((s - t) > 1) {
-			l = strlen(s);
-
-			/* remove all spaces but one by moving down the string */
-			memmove(t + 1, s, l);
-		}
+	if (in_space && t != start) {
+		/* the loop will have left a single trailing space */
+		t--;
 	}
+	*t = '\0';
 
-	out->length = strlen((char *)out->data);
+	out->length = t - start;
 	return 0;
 }
 
-/* length limited conversion of a ldb_val to a int32_t */
+/* length limited conversion of a ldb_val to an int64_t */
 static int val_to_int64(const struct ldb_val *in, int64_t *v)
 {
 	char *end;
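Review bot: The new loop in ldb_handler_fold(), `for (s = start; *s != '\0'; s++)`, relies on out->data being NUL-terminated and stops at the first NUL, so for a value with an embedded NUL `out->length = t - start` ends up shorter than in->length. The removed code had the same property through strlen(), but a comment saying the truncation is intended would help the next reader. Given the history described in the commit message, a unit test covering leading, internal, trailing and all-space input belongs with this change.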
@@ -113,8 +110,6 @@ static int val_to_int64(const struct ldb_val *in, int64_t *v)
 	strncpy(buf, (char *)in->data, in->length);
 	buf[in->length] = 0;
 
-	/* We've to use "strtoll" here to have the intended overflows.
-	 * Otherwise we may get "LONG_MAX" and the conversion is wrong. */
 	*v = (int64_t) strtoll(buf, &end, 0);
 	if (*end != 0) {
 		return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
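Review bot: With the strtoll comment deleted from val_to_int64(), nothing documents what happens to out-of-range input: the visible code checks only `*end != 0`, so a number beyond the int64_t range is stored as strtoll()'s saturated result and accepted. If that is the intended behaviour, replace the deleted comment with one line saying so; otherwise clear errno before the call and return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX on ERANGE.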
@@ -337,8 +332,8 @@ int ldb_comparison_fold(struct ldb_context *ldb, void *mem_ctx,
 		if (toupper((unsigned char)*s1) != toupper((unsigned char)*s2))
 			break;
 		if (*s1 == ' ') {
-			while (n1 && s1[0] == s1[1]) { s1++; n1--; }
-			while (n2 && s2[0] == s2[1]) { s2++; n2--; }
+			while (n1 > 1 && s1[0] == s1[1]) { s1++; n1--; }
+			while (n2 > 1 && s2[0] == s2[1]) { s2++; n2--; }
 		}
 		s1++; s2++;
 		n1--; n2--;
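Review bot: The `n1 > 1` and `n2 > 1` guards in ldb_comparison_fold() need a short comment, because the reason the bound is 1 rather than 0 is not obvious from the line: `s1[1]` is only inside the value while at least two bytes remain. A test using an ldb_val that ends in a space and has no trailing '\0' would keep the overrun from coming back.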
diff --git a/lib/ldb/common/ldb_controls.c b/lib/ldb/common/ldb_controls.c
index d67c0afd845..266aa90b224 100644
--- a/lib/ldb/common/ldb_controls.c
+++ b/lib/ldb/common/ldb_controls.c
@@ -286,6 +286,9 @@ char *ldb_control_to_string(TALLOC_CTX *mem_ctx, const struct ldb_control *contr
 	if (strcmp(control->oid, LDB_CONTROL_PAGED_RESULTS_OID) == 0) {
 		struct ldb_paged_control *rep_control = talloc_get_type(control->data, struct ldb_paged_control);
 		char *cookie;
+		if (rep_control == NULL) {
+			return NULL;
+		}
 
 		cookie = ldb_base64_encode(mem_ctx, rep_control->cookie, rep_control->cookie_len);
 		if (cookie == NULL) {
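Review bot: Returning NULL for `rep_control == NULL` gives callers of ldb_control_to_string() no way to tell a malformed control from any other failure. Since the same three-line check is added to each OID branch in this file, state once in the function's comment that a NULL result also covers control data that is missing or of the wrong talloc type. Style: here the check follows `char *cookie;` with no blank line, while the next hunk separates them.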
@@ -312,6 +315,10 @@ char *ldb_control_to_string(TALLOC_CTX *mem_ctx, const struct ldb_control *contr
 
 		char *cookie;
 
+		if (rep_control == NULL) {
+			return NULL;
+		}
+
 		cookie = ldb_base64_encode(mem_ctx,
 					   (char *)rep_control->contextId,
 					   rep_control->ctxid_len);
@@ -334,6 +341,9 @@ char *ldb_control_to_string(TALLOC_CTX *mem_ctx, const struct ldb_control *contr
 		struct ldb_sort_resp_control *rep_control = talloc_get_type(control->data,
 								struct ldb_sort_resp_control);
 
+		if (rep_control == NULL) {
+			return NULL;
+		}
 		res = talloc_asprintf(mem_ctx, "%s:%d:%d:%s",
 					LDB_CONTROL_SORT_RESP_NAME,
 					control->critical,
@@ -347,6 +357,9 @@ char *ldb_control_to_string(TALLOC_CTX *mem_ctx, const struct ldb_control *contr
 		struct ldb_asq_control *rep_control = talloc_get_type(control->data,
 								struct ldb_asq_control);
 
+		if (rep_control == NULL) {
+			return NULL;
+		}
 		res = talloc_asprintf(mem_ctx, "%s:%d:%d",
 					LDB_CONTROL_SORT_RESP_NAME,
 					control->critical,
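Review bot: In the branch that casts control->data to `struct ldb_asq_control`, the context lines build the string with LDB_CONTROL_SORT_RESP_NAME, the same constant used by the sort-response branch in the previous hunk. That looks like a copy-and-paste slip that predates this patch; as the branch is being touched anyway, check whether the ASQ control's own name constant was meant.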
@@ -360,6 +373,9 @@ char *ldb_control_to_string(TALLOC_CTX *mem_ctx, const struct ldb_control *contr
 		struct ldb_dirsync_control *rep_control = talloc_get_type(control->data,
 								struct ldb_dirsync_control);
 
+		if (rep_control == NULL) {
+			return NULL;
+		}
 		cookie = ldb_base64_encode(mem_ctx, rep_control->cookie,
 				rep_control->cookie_len);
 		if (cookie == NULL) {
@@ -380,6 +396,9 @@ char *ldb_control_to_string(TALLOC_CTX *mem_ctx, const struct ldb_control *contr
 		struct ldb_dirsync_control *rep_control = talloc_get_type(control->data,
 								struct ldb_dirsync_control);
 
+		if (rep_control == NULL) {
+			return NULL;
+		}
 		cookie = ldb_base64_encode(mem_ctx, rep_control->cookie,
 				rep_control->cookie_len);
 		if (cookie == NULL) {
@@ -399,6 +418,9 @@ char *ldb_control_to_string(TALLOC_CTX *mem_ctx, const struct ldb_control *contr
 	if (strcmp(control->oid, LDB_CONTROL_VERIFY_NAME_OID) == 0) {
 		struct ldb_verify_name_control *rep_control = talloc_get_type(control->data, struct ldb_verify_name_control);
 
+		if (rep_control == NULL) {
+			return NULL;
+		}
 		if (rep_control->gc != NULL) {
 			res = talloc_asprintf(mem_ctx, "%s:%d:%d:%s",
 						LDB_CONTROL_VERIFY_NAME_NAME,
diff --git a/lib/ldb/common/ldb_match.c b/lib/ldb/common/ldb_match.c
index 829afa77e71..2f4d41f3441 100644
--- a/lib/ldb/common/ldb_match.c
+++ b/lib/ldb/common/ldb_match.c
@@ -295,8 +295,9 @@ static int ldb_wildcard_compare(struct ldb_context *ldb,
 		uint8_t *p;
 
 		chunk = tree->u.substring.chunks[c];
-		if(a->syntax->canonicalise_fn(ldb, ldb, chunk, &cnk) != 0) goto mismatch;
-
+		if(a->syntax->canonicalise_fn(ldb, ldb, chunk, &cnk) != 0) {
+			goto mismatch;
+		}
 		/*
 		 * Empty strings are returned as length 0. Ensure
 		 * we can cope with this.
@@ -304,56 +305,43 @@ static int ldb_wildcard_compare(struct ldb_context *ldb,
 		if (cnk.length == 0) {
 			goto mismatch;
 		}
-		/*
-		 * Values might be binary blobs. Don't use string
-		 * search, but memory search instead.
-		 */
-		p = memmem((const void *)val.data,val.length,
-			   (const void *)cnk.data, cnk.length);
-		if (p == NULL) goto mismatch;
-
-		/*
-		 * At this point we know cnk.length <= val.length as
-		 * otherwise there could be no match
-		 */
+		if (cnk.length > val.length) {
+			goto mismatch;
+		}
 
-		if ( (! tree->u.substring.chunks[c + 1]) && (! tree->u.substring.end_with_wildcard) ) {
-			uint8_t *g;
-			uint8_t *end = val.data + val.length;
-			do { /* greedy */
-
-				/*
-				 * haystack is a valid pointer in val
-				 * because the memmem() can only
-				 * succeed if the needle (cnk.length)
-				 * is <= haystacklen
-				 *
-				 * p will be a pointer at least
-				 * cnk.length from the end of haystack
-				 */
-				uint8_t *haystack
-					= p + cnk.length;
-				size_t haystacklen
-					= end - (haystack);
-
-				g = memmem(haystack,
-					   haystacklen,
-					   (const uint8_t *)cnk.data,
-					   cnk.length);
-				if (g) {
-					p = g;
-				}
-			} while(g);
+		if ( (tree->u.substring.chunks[c + 1]) == NULL &&
+		     (! tree->u.substring.end_with_wildcard) ) {
+			/*
+			 * The last bit, after all the asterisks, must match
+			 * exactly the last bit of the string.
+			 */
+			int cmp;
+			p = val.data + val.length - cnk.length;
+			cmp = memcmp(p,
+				     cnk.data,
+				     cnk.length);
+			if (cmp != 0) {
+				goto mismatch;
+			}
+		} else {
+			/*
+			 * Values might be binary blobs. Don't use string
+			 * search, but memory search instead.
+			 */
+			p = memmem((const void *)val.data, val.length,
+				   (const void *)cnk.data, cnk.length);
+			if (p == NULL) {
+				goto mismatch;
+			}
+			/* move val to the end of the match */
+			p += cnk.length;
+			val.length -= (p - val.data);
+			val.data = p;
 		}
-		val.length = val.length - (p - (uint8_t *)(val.data)) - cnk.length;
-		val.data = (uint8_t *)(p + cnk.length);
 		c++;
-		talloc_free(cnk.data);
-		cnk.data = NULL;
+		TALLOC_FREE(cnk.data);
 	}
 
-	/* last chunk may not have reached end of string */
-	if ( (! tree->u.substring.end_with_wildcard) && (val.length != 0) ) goto mismatch;
 	talloc_free(save_p);
 	*matched = true;
 	return LDB_SUCCESS;
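Review bot: In the last-chunk branch of ldb_wildcard_compare(), `p = val.data + val.length - cnk.length` stays inside the value only because of the `cnk.length > val.length` check added a few lines earlier, and the hunk does not say so. Add a sentence to the "last bit" comment tying the two together, so that a later refactor does not move or drop the length check. The diffstat shows only two lines added to ldb_match_test.c; cases where the final chunk occurs both earlier in the value and at its end, and where the value ends one byte after the chunk, would pin down the behaviour described for bug 14044.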
diff --git a/lib/ldb/common/ldb_modules.c b/lib/ldb/common/ldb_modules.c
index cc067abdfe0..4366f05e066 100644
--- a/lib/ldb/common/ldb_modules.c
+++ b/lib/ldb/common/ldb_modules.c
@@ -173,11 +173,15 @@ int ldb_register_backend(const char *url_prefix, ldb_connect_fn connectfn, bool
 
 /*
    Return the ldb module form of a database.
-   The URL can either be one of the following forms
-   ldb://path
-   ldapi://path
-
-   flags is made up of LDB_FLG_*
+   The URL looks something like this:
+     tdb://PATH
+     ldb://PATH
+     mdb://PATH
+     ldapi://PATH
+     PATH          (unadorned PATH defaults to tdb://)
+
+   for a complete list of backends (including possibly unmaintained ones) grep
+   for calls to ldb_register_backend().
 
    the options are passed uninterpreted to the backend, and are
    backend specific.
diff --git a/lib/ldb/common/ldb_msg.c b/lib/ldb/common/ldb_msg.c
index 7131f013f71..57dfc5a04c2 100644
--- a/lib/ldb/common/ldb_msg.c
+++ b/lib/ldb/common/ldb_msg.c
@@ -1272,6 +1272,7 @@ char *ldb_timestring(TALLOC_CTX *mem_ctx, time_t t)
 
 	if (r != 17) {
 		talloc_free(ts);
+		errno = EOVERFLOW;
 		return NULL;
 	}
 
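Review bot: `errno = EOVERFLOW` is assigned for every `r != 17` result in ldb_timestring(), and nothing in the hunk documents that the function now reports failure through errno. Add that to the function's comment, including which conditions map to EOVERFLOW, so callers know when errno is meaningful after a NULL return.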
diff --git a/lib/ldb/common/ldb_parse.c b/lib/ldb/common/ldb_parse.c
index 7e15206b168..f0045ad2093 100644
--- a/lib/ldb/common/ldb_parse.c
+++ b/lib/ldb/common/ldb_parse.c
@@ -53,26 +53,6 @@
  */
 #define LDB_MAX_PARSE_TREE_DEPTH 128
 
-static int ldb_parse_hex2char(const char *x)
-{
-	if (isxdigit(x[0]) && isxdigit(x[1])) {
-		const char h1 = x[0], h2 = x[1];
-		int c = 0;
-
-		if (h1 >= 'a') c = h1 - (int)'a' + 10;
-		else if (h1 >= 'A') c = h1 - (int)'A' + 10;
-		else if (h1 >= '0') c = h1 - (int)'0';
-		c = c << 4;
-		if (h2 >= 'a') c += h2 - (int)'a' + 10;
-		else if (h2 >= 'A') c += h2 - (int)'A' + 10;
-		else if (h2 >= '0') c += h2 - (int)'0';
-
-		return c;
-	}
-
-	return -1;
-}
-
 /*
 a filter is defined by:
                <filter> ::= '(' <filtercomp> ')'
@@ -101,10 +81,11 @@ struct ldb_val ldb_binary_decode(TALLOC_CTX *mem_ctx, const char *str)
 
 	for (i=j=0;i<slen;i++) {
 		if (str[i] == '\\') {
-			int c;
+			uint8_t c;
+			bool ok;
 
-			c = ldb_parse_hex2char(&str[i+1]);
-			if (c == -1) {
+			ok = hex_byte(&str[i+1], &c);
+			if (!ok) {
 				talloc_free(ret.data);
 				memset(&ret, 0, sizeof(ret));
 				return ret;
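Review bot: `hex_byte(&str[i+1], &c)` in ldb_binary_decode() is called without checking that two characters remain after the backslash, so when the backslash is the last character of str the call is only safe if hex_byte() rejects the terminator at position 0 before reading position 1. The removed ldb_parse_hex2char() got that from the short-circuit in `isxdigit(x[0]) && isxdigit(x[1])`. The body of hex_byte() is not in the visible part of this changeset, so confirm it keeps that property or add a bound against slen here.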
diff --git a/lib/ldb/include/ldb.h b/lib/ldb/include/ldb.h
index 7f53e6420e1..f5f02c9a344 100644
--- a/lib/ldb/include/ldb.h
+++ b/lib/ldb/include/ldb.h
@@ -1093,18 +1093,6 @@ int ldb_global_init(void);
 */
 struct ldb_context *ldb_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx);
 
-typedef void (*ldb_async_timeout_fn) (void *);
-typedef bool (*ldb_async_callback_fn) (void *);
-typedef int (*ldb_async_ctx_add_op_fn)(void *, time_t, void *, ldb_async_timeout_fn, ldb_async_callback_fn);
-typedef int (*ldb_async_ctx_wait_op_fn)(void *);
-
-void ldb_async_ctx_set_private_data(struct ldb_context *ldb,
-					void *private_data);
-void ldb_async_ctx_set_add_op(struct ldb_context *ldb,
-				ldb_async_ctx_add_op_fn add_op);
-void ldb_async_ctx_set_wait_op(struct ldb_context *ldb,
-				ldb_async_ctx_wait_op_fn wait_op);
-
 /**
    Connect to a database.
 
diff --git a/lib/ldb/ldb_key_value/ldb_kv_index.c b/lib/ldb/ldb_key_value/ldb_kv_index.c
index 9be7c5adcbe..1cc042aa84f 100644
--- a/lib/ldb/ldb_key_value/ldb_kv_index.c
+++ b/lib/ldb/ldb_key_value/ldb_kv_index.c
@@ -2267,7 +2267,7 @@ static int ldb_kv_index_filter(struct ldb_kv_private *ldb_kv,
 	struct ldb_message *filtered_msg;
 	unsigned int i;
 	unsigned int num_keys = 0;
-	uint8_t previous_guid_key[LDB_KV_GUID_KEY_SIZE] = {};
+	uint8_t previous_guid_key[LDB_KV_GUID_KEY_SIZE] = {0};
 	struct ldb_val *keys = NULL;
 
 	/*
diff --git a/lib/ldb/ldb_map/ldb_map_inbound.c b/lib/ldb/ldb_map/ldb_map_inbound.c
index 861c4c1622d..324295737da 100644
--- a/lib/ldb/ldb_map/ldb_map_inbound.c
+++ b/lib/ldb/ldb_map/ldb_map_inbound.c
@@ -262,6 +262,7 @@ static int map_search_self_callback(struct ldb_request *req, struct ldb_reply *a
 						LDB_ERR_OPERATIONS_ERROR);
 		}
 
+		break;
 	default:
 		/* ignore referrals */
 		break;
diff --git a/lib/ldb/pyldb.c b/lib/ldb/pyldb.c
index d093daedf5c..3f4b0c7a45c 100644
--- a/lib/ldb/pyldb.c
+++ b/lib/ldb/pyldb.c
@@ -3535,13 +3535,13 @@ static PyObject *py_ldb_msg_items(PyLdbMessageObject *self,
 		PyObject *value = NULL;
 		PyObject *py_el = PyLdbMessageElement_FromMessageElement(&msg->elements[i], msg->elements);
 		int res = 0;
-		Py_CLEAR(py_el);
 		value = Py_BuildValue("(sO)", msg->elements[i].name, py_el);
+		Py_CLEAR(py_el);
 		if (value == NULL ) {
 			Py_CLEAR(l);
 			return NULL;
 		}
-		res = PyList_SetItem(l, 0, value);
+		res = PyList_SetItem(l, j, value);
 		if (res == -1) {
 			Py_CLEAR(l);
 			return NULL;
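Review bot: `py_el` is passed to Py_BuildValue() in py_ldb_msg_items() without a NULL check, so a failure in PyLdbMessageElement_FromMessageElement() is caught only indirectly through `value == NULL`. An explicit check right after the conversion, clearing `l` and returning NULL, would be clearer. The index `j` in `PyList_SetItem(l, j, value)` is neither declared nor incremented in the visible lines; confirm it advances exactly once per element.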
@@ -4227,6 +4227,13 @@ static PyObject *py_timestring(PyObject *module, PyObject *args)
 	if (!PyArg_ParseTuple(args, "l", &t_val))
 		return NULL;
 	tresult = ldb_timestring(NULL, (time_t) t_val);
+	if (tresult == NULL) {
+		/*
+		 * Most likely EOVERFLOW from gmtime()
+		 */
+		PyErr_SetFromErrno(PyExc_OSError);
+		return NULL;
+	}
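Review bot: PyErr_SetFromErrno() in py_timestring() is called for every NULL result from ldb_timestring(), but the only errno assignment visible in this changeset is on the `r != 17` path in ldb_msg.c. If ldb_timestring() can return NULL without setting errno, Python sees an OSError built from a stale or zero errno. Either make every NULL return in ldb_timestring() set errno, or set `errno = 0` before the call and fall back to a fixed exception when it is still 0. The comment names gmtime() as the source of EOVERFLOW, while the ldb_msg.c hunk assigns it after the length check; align the wording.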


-- 
Samba Shared Repository


