[SCM] Samba Shared Repository - branch v4-20-test updated

Jule Anger janger at samba.org
Mon Jun 10 14:44:02 UTC 2024


The branch, v4-20-test has been updated
       via  50d4451bd4b s3:smbcacls: fix ace_compare
       via  e21251926ba ldb:attrib_handlers: reduce non-transitive behaviour in ldb_comparison_fold
       via  3f9d9f83448 ldb:attrib_handlers: use NUMERIC_CMP in ldb_comparison_fold
       via  d12f3cced61 s4:dsdb:mod: repl_md: message sort uses NUMERIC_CMP()
       via  7ae866c6ffa s4:dsdb:mod: repl_md: make message_sort transitive
       via  21a01b3bad4 ldb: avoid NULL deref in ldb_db_compare
       via  7d295cb6fe5 ldb:attrib_handlers: make ldb_comparison_Boolean more consistent
       via  3d62269dfbf ldb-samba:ldif_handlers: dn_link_comparison: sort invalid DNs
       via  586c0f3dd00 ldb-samba:ldif_handlers: dn_link_comparison leaks less
       via  d819b21464c ldb-samba:ldif_handlers: dn_link_comparison correctly sorts deleted objects
       via  ae770139f25 ldb-samba:ldif_handlers: dn_link_comparison semi-sorts invalid DNs
       via  956bff1dc63 ldb-samba:ldif_handlers: dn_link_comparison semi-sorts deleted objects
       via  da5c625e641 ldb-samba: ldif-handlers: make ldif_comparison_objectSid() accurate
       via  dcf393af595 s4:rpcsrv:samr: improve a comment in compare_msgRid
       via  8f0490150b4 s4:rpcsrv:dnsserver: make dns_name_compare transitive with NULLs
       via  d2aaed5d969 s3:libsmb:nmblib: use NUMERIC_CMP in status_compare
       via  de865f6c8b7 lib/socket: rearrange iface_comp() to use NUMERIC_CMP
       via  1d527c49df5 gensec: sort_gensec uses NUMERIC_CMP
       via  2f6c5b6603f s3:rpc:wkssvc_nt: dom_user_cmp uses NUMERIC_CMP
       via  835594dea0e dsdb:schema: use NUMERIC_CMP in place of uint32_cmp
       via  29b17d296c0 s3:mod:vfs_vxfs: use NUMERIC_CMP in vxfs_ace_cmp
       via  6893310bd79 s3:mod:posixacl_xattr: use NUMERIC_CMP in posixacl_xattr_entry_compare
       via  94f38553adf s3:brlock: use NUMERIC_CMP in #ifdef-zeroed lock_compare
       via  f61aabdb1a3 ldb:dn: make ldb_dn_compare() self-consistent
       via  f3b6ec046a0 ldb:sort: generalise both-NULL check to equality check
       via  a0a83539c30 ldb:sort: check that elements have values
       via  5f52991b931 ldb:mod:sort: rearrange NULL checks
       via  faed55f4f88 s3:libsmb_xattr: ace_compare() uses NUMERIC_CMP()
       via  4d6f0ad643c s3:util:sharesec ace_compare() uses NUMERIC_CMP()
       via  e3f491e3193 s3:smbcacls: use NUMERIC_CMP in ace_compare
       via  48494283a66 s3:util:net_registry: registry_value_cmp() uses NUMERIC_CMP()
       via  27becb5a7fc s4:wins: use NUMERIC_CMP in nbtd_wins_randomize1Clist_sort()
       via  20648aaf7fe s4:wins: winsdb_addr_sort_list() uses NUMERIC_CMP()
       via  7acee3ae13a s4:wins: use NUMERIC_CMP in winsdb_addr_sort_list()
       via  a326992c07d s4:dns_server: use NUMERIC_CMP in rec_cmp()
       via  c6ed9351f81 s4:rpc_server: compare_SamEntry() uses NUMERIC_CMP()
       via  39505028672 s3:lib:util_tdb: use NUMERIC_CMP() in tdb_data_cmp()
       via  886818f5abb libcli/security: use NUMERIC_CMP in dom_sid_compare_auth()
       via  bd548a92d42 libcli/security: use NUMERIC_CMP in dom_sid_compare()
       via  c95b73014d3 ldb: reduce non-transitive comparisons in ldb_msg_element_compare()
       via  e0468b5a9ed ldb: avoid non-transitive comparison in ldb_val_cmp()
       via  7990f5a2841 util:datablob: avoid non-transitive comparison in data_blob_cmp()
       via  f7e192e82f7 ldb:attrib_handlers: ldb_comparison_binary uses NUMERIC_CMP()
       via  4fa00be3083 ldb:attrib_handlers: ldb_comparison_Boolean uses NUMERIC_CMP()
       via  1c6f16cdca9 util: charset:util_str: use NUMERIC_CMP in strncasecmp_m_handle
       via  6a0daf6818b lib/torture: add assert_int_{less,greater} macros
       via  ccd94628b58 s3:libsmb:namequery: use NUMERIC_CMP in addr_compare
       via  f9a7ded26d1 s3:libsmb:namequery: note intransitivity in addr_compare()
       via  77b78b45330 util:charset:codepoints: codepoint_cmpi warning about non-transitivity
       via  64d55301410 util:charset:codepoints: condepoint_cmpi uses NUMERIC_CMP()
       via  10c0087dac8 util:test: test_ms_fn_match_protocol_no_wildcard: allow -1
       via  eb8fd60e10c util:charset:util_str: use NUMERIC_CMP in strcasecmp_m_handle
       via  d18a62836c0 torture:charset: test more of strcasecmp_m
       via  94b574cde12 torture:charset: use < and > assertions for strncasecmp_m
       via  767344ee512 torture:charset: use < and > assertions for strcasecmp_m
       via  be4965c69c8 util:binsearch: user NUMERIC_CMP()
       via  51fa8c0168e s4: use numeric_cmp in dns_common_sort_zones()
       via  f94b87da1be s4:dsdb:mod:operational: use NUMERIC_CMP in pso_compare
       via  3071a4af9a5 s4:ntvfs: use NUMERIC_CMP in stream_name_cmp
       via  696cca23e3e ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare()
       via  1b8ccbf031b ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare_base()
       via  9e19cc17117 ldb: add NUMERIC_CMP macro to ldb.h
       via  b46af17050b util:tsort.h: add a macro for safely comparing numbers
       via  3a840553cfb lib/fuzzing/decode_ndr_X_crash: guess the pipe from filename
       via  c206d3d20c8 ldb: avoid out of bounds read and write in ldb_qsort()
       via  e2191933876 examples:winexe: embed Samba version as exe timestamp
       via  b1173444ff8 examples:winexe: reproducible builds with zero timestamp
       via  e7c132a4a2c buildtools:pidl: avoid hash randomisation in pidl
       via  eb480df1baf pidl:Typelist: resolveType(): don't mistake a reference for a name
      from  65e781a30b2 s3:winbind: Fix idmap_ad creating an invalid local krb5.conf

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test


- Log -----------------------------------------------------------------
commit 50d4451bd4bf98dc8c0c2ee6a9d9ffeb78788d0c
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Tue May 21 20:20:36 2024 +1200

    s3:smbcacls: fix ace_compare
    
    We got this wrong in commit 31101a9fa1503be9d8137e42466f57d85136a156.
    
    In fact, we should probably not reorder the inherited ACLs, but that
    is for another patch series.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 5abeb724d74af2b861f2ee6bc27762bb5bf07bca)
    
    Autobuild-User(v4-20-test): Jule Anger <janger at samba.org>
    Autobuild-Date(v4-20-test): Mon Jun 10 14:43:44 UTC 2024 on atb-devel-224

commit e21251926bada4af23c5df0dab9e94e9cd30f0b8
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Fri Apr 26 15:58:44 2024 +1200

    ldb:attrib_handlers: reduce non-transitive behaviour in ldb_comparison_fold
    
    If two strings are invalid UTF-8, the string is first compared with
    memcmp(), which compares as unsigned char.
    
    If the strings are of different lengths and one is a substring of the
    other, the memcmp() returns 0 and a second comparison is made which
    assumes the next character in the shorter string is '\0' -- but this
    comparison was done using SIGNED chars (on most systems). That leads
    to non-transitive comparisons.
    
    Consider the strings {"a\xff", "a", "ab\xff"} under that system.
    
       "a\xff"  < "a",      because (char)0xff == -1.
    
       "ab\xff" > "a",     because  'b' == 98.
    
       "ab\xff" < "a\xff", because memcmp("ab\xff", "a\xff", 2) avoiding the
                           signed char tiebreaker.
    
    (Before c49c48afe09a1a78989628bbffd49dd3efc154dd, the final character
    might be arbitrarily cast into another character -- in latin-1, for
    example, the 0xff here would have been seen as 'ÿ', which would be
    uppercased to 'Ÿ', which is U+0178, which would be truncated to
    '\x78', a positive char.
    
    On the other hand e.g. 0xfe, 'þ', would have mapped to 0xde, 'Þ',
    remaining negative).
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit e2051eebd492a419f840280336eb242d0b4a26ac)

commit 3f9d9f83448c71cf5453dd63434efc98a36d4cfa
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Thu Apr 11 13:21:25 2024 +1200

    ldb:attrib_handlers: use NUMERIC_CMP in ldb_comparison_fold
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit f81b7c7eb206a447d799a25cc2da26304dc7567a)

commit d12f3cced612ccdb1a387544d989de25118d7e4c
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Fri Apr 12 20:28:04 2024 +1200

    s4:dsdb:mod: repl_md: message sort uses NUMERIC_CMP()
    
    No change at all in the result, just saving lines and branches.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 827b0c39ed0497407bfcfc5683735a165b1b0f0a)

commit 7ae866c6ffab54001d9d52b29edaac91d79e5f26
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Fri Apr 12 18:11:47 2024 +1200

    s4:dsdb:mod: repl_md: make message_sort transitive
    
    Before we had (with a TODO of regret):
    
           if (!a1 || !a2) {
                   return strcasecmp(e1->name, e2->name);
           }
    
    so, given {name:"A", id 2}, {name:"B", NO id}, {name:"C", id 1},
    
     A < B by name
     B < C by name
     A > C by id
    
    Now the sort order is always A > C > B.
    
    This sort could have caused mysterious crashes in repl_meta_data if
    the schema is out of sync.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 5335f122fb551231a02a58f88f6a0aa23b5e02cb)

commit 21a01b3bad469daf28ce389b1555154eef9c664d
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Fri Apr 26 15:24:47 2024 +1200

    ldb: avoid NULL deref in ldb_db_compare
    
    This also sorts NULLs after invalid DNs, which matches the comment
    above.
    
    CID 1596622.
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit af7654331fb6a2d9cc41cf5bdffa74c81ff4ffee)

commit 7d295cb6fe51fa95794d681ca77af5f3a9e8d0f9
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Apr 10 10:54:41 2024 +1200

    ldb:attrib_handlers: make ldb_comparison_Boolean more consistent
    
    This isn't supposed to be used for sorting, but it is hard to say it
    won't be, so we might as well make it sort properly.
    
    Following long-standing behaviour, we try to sort "FALSE" > "TRUE", by
    length, then switch to using strncasecmp().
    
    strncasecmp would sort the other way, so we swap the operands. This is
    to make e.g. "TRUE\0" sort the same as "TRUE".
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit a75c98ad688415aec8afc617a759ba90cfd9f23b)

commit 3d62269dfbf15b82b9bc67d82ce0241c77483765
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Thu Apr 11 18:08:54 2024 +1200

    ldb-samba:ldif_handlers: dn_link_comparison: sort invalid DNs
    
    If both DNs are invalid, we can say they are equal.
    
    This means invalid or NULL DNs will sort to the end of the array,
    before deleted DNs:
    
    [ valid DNs, sorted | invalid/NULL DNs | deleted DNs, sorted ]
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 7280c8e53f463108fe3de443ce63572dde689a30)

commit 586c0f3dd00486777529b44c28ba8f7815ee8e24
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Thu Apr 11 16:59:50 2024 +1200

    ldb-samba:ldif_handlers: dn_link_comparison leaks less
    
    dn1 and dn2 can be invalid but still occupying memory.
    (ldb_dn_validate(dn2) does contain a NULL check, but a lot more besides).
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 341b8fb60e291ad598fafd7a09a75e9b249de07f)

commit d819b21464ca13a5349de31d182250ecde3d8175
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Thu Apr 11 16:53:03 2024 +1200

    ldb-samba:ldif_handlers: dn_link_comparison correctly sorts deleted objects
    
    This changes the behaviour of the DN syntax .comparison_fn when being
    used in a search, if the search key is a deleted DN.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 70356592563bf758dbe509413445b77bb0d7da14)

commit ae770139f258adfeb98b4758b722c0b1dc6aff6a
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Thu Apr 11 16:26:03 2024 +1200

    ldb-samba:ldif_handlers: dn_link_comparison semi-sorts invalid DNs
    
    these tend to go to the end of the sorted array.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 11d5a809325369b48d14023adf109e418bb1c7af)

commit 956bff1dc63afccebc78b1ac5edc3a66034496ce
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Thu Apr 11 16:25:02 2024 +1200

    ldb-samba:ldif_handlers: dn_link_comparison semi-sorts deleted objects
    
    We were always returning -1 for a deleted object, which works for an
    equality test, but not a relative comparison.
    
    This sorts deleted DNs toward the end of the list -- except when both
    DNs are deleted. What should happen there is yet to be determined.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit db963b1674ede357d4edba578e0e0372dcb2f287)

commit da5c625e6411d9a4ffe780a55dff3fca60857cf5
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Apr 10 10:54:31 2024 +1200

    ldb-samba: ldif-handlers: make ldif_comparison_objectSid() accurate
    
    This function compares blobs that might be SID strings or might be SID
    structures. Until now, if they were both (seemingly) strings, they were
    compared as strings, otherwise if either was a string it was converted to
    a structure blob, then the blobs were compared. This had two big problems:
    
    1. There is variety in the way a SID can be stringified. For example,
       "s-1-02-3" means the same SID as "S-1-2-3", but those wouldn't compare
       equal.
    
    2. SID comparison was crazily non-transitive. Consider the three values
         a = "S-1-2-3-4-5",
         b = "S-1-9-1",
         c = SID("S-1-11-1"), where c is a struct and the others are string.
    
       then we had,
         a < b, because the 5th character '2' < '9'.
         a > c, because when converted to a structure, the number of sub-auths
                is the first varying byte. a has 3, c has 0.
         b < c, because after the sub-auth count comes the id_auth value
                (big-endian, which doesn't matter in this case).
    
    That made the function unreliable for sorting, AND for simple equality
    tests. Also it leaked.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 6722e80d1b3a252a1ed714be4a35185cd99971e3)

commit dcf393af595d92392382bddea6901e0998016ecb
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Mon Apr 8 22:55:50 2024 +1200

    s4:rpcsrv:samr: improve a comment in compare_msgRid
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 6229feab74a734190c302ee9b1cc36960669743d)

commit 8f0490150b4e713c37ee20cf72595da420d24842
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Mon Apr 8 22:54:49 2024 +1200

    s4:rpcsrv:dnsserver: make dns_name_compare transitive with NULLs
    
    Returning 0 on `(name1 == NULL || name2 == NULL)` made NULL equal to
    everything, which confuses a sort (consider {A, B, NULL} where A > B,
    but A == NULL == B).
    
    The only caller is dnsserver_enumerate_records() which fails if it
    finds a NULL in the sorted list. We make that happen more quickly by
    sorting NULLs to the front.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 7be535315a5eed5d5b7eaea025ecf9f55e772e8e)

commit d2aaed5d96900b116b69bebb7e6ce856130856d0
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Mon Apr 8 17:08:03 2024 +1200

    s3:libsmb:nmblib: use NUMERIC_CMP in status_compare
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 31c322874b8b65518cec945e05a42fd014e6390b)

commit de865f6c8b7a704467dadd901777304c2203fd3a
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Mon Apr 8 17:06:57 2024 +1200

    lib/socket: rearrange iface_comp() to use NUMERIC_CMP
    
    We rearrange rather than just replacing the subtraction, because that
    would call ntohl() more than necessary, and I think the flow is a bit
    clearer this way.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 7ba6fcb93656e5e88e1d5bcd6002747aa64f0a3a)

commit 1d527c49df549f325ef977db8d591d6eacbb52d2
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Sun Apr 7 15:54:02 2024 +1200

    gensec: sort_gensec uses NUMERIC_CMP
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit acaa1323d0337ae9339dfff9f856ea54725a86ac)

commit 2f6c5b6603fa06d467ea7037432bfa493b8d4cf7
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Sun Apr 7 15:47:12 2024 +1200

    s3:rpc:wkssvc_nt: dom_user_cmp uses NUMERIC_CMP
    
    usr->login_time is time_t, which is often bigger than int.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 75682e397b9cf22d04a5d80252554c6b2e376793)

commit 835594dea0e93e3df012ecb56ff27bfb6ba544ed
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Sun Apr 7 15:36:06 2024 +1200

    dsdb:schema: use NUMERIC_CMP in place of uint32_cmp
    
    uint32_cmp (introduced in 0c362597c0f933b3612bb17328c0a13b73d72e43
    "fixed the sorting of schema attributes") was doing what NUMERIC_CMP
    does, but it was adding an extra function call. This results in less
    code.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 8317a6173646d425dc99e08bbf3d6086b0086bc5)

commit 29b17d296c01a19b842efb7ad5adeed45ae26227
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Sun Apr 7 15:17:22 2024 +1200

    s3:mod:vfs_vxfs: use NUMERIC_CMP in vxfs_ace_cmp
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 386216d4a158d8bafb0879a0a753da096a939b93)

commit 6893310bd793c4f403991cfa58eba5f5364b9067
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Sun Apr 7 15:12:56 2024 +1200

    s3:mod:posixacl_xattr: use NUMERIC_CMP in posixacl_xattr_entry_compare
    
    The first subtraction was between uint16_t, so is safe with 32 bit
    int, but the second compared uint32_t, so was not safe.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 8b2605a5d9cc14f9e6ddf2db704cdca2f523d74e)

commit 94f38553adfbaaaa1ea00f32d4cce423726c8912
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Sun Apr 7 15:07:20 2024 +1200

    s3:brlock: use NUMERIC_CMP in #ifdef-zeroed lock_compare
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 9b73235d4957a487fbb3214fdfda6461a2cf0b21)

commit f61aabdb1a3d0f7bfefe067f1baa2318f85cc3a5
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Sun Apr 7 15:04:43 2024 +1200

    ldb:dn: make ldb_dn_compare() self-consistent
    
    We were returning -1 in all these cases:
    
       ldb_dn_compare(dn, NULL);
       ldb_dn_compare(NULL, dn);
       ldb_dn_compare(NULL, NULL);
    
    which would give strange results in sort, where this is often used.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 5fe488d515a8bb719bdeafb8b64d8479732b5ac8)

commit f3b6ec046a01260c8fabf331fcb06391afef6d31
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Sun Apr 7 14:58:48 2024 +1200

    ldb:sort: generalise both-NULL check to equality check
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 531f31df99341b2cb1afc42538022451ca771983)

commit a0a83539c304734f615954181a28a83111e0d87d
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Sun Apr 7 14:55:27 2024 +1200

    ldb:sort: check that elements have values
    
    We assume no values is unlikely, since we have been dereferencing
    ->values[0] forever, with no known reports of trouble.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit d4e69734c65ade0bbb398447012513a7f27e98bd)

commit 5f52991b93140fec7476d49e8f9719f8d42b617a
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Sun Apr 7 14:54:34 2024 +1200

    ldb:mod:sort: rearrange NULL checks
    
    There are further changes coming here.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit d785c1991c922150bab38c36cef3a799448ac304)

commit faed55f4f880f0cc566b185463c7e3b6e8e76bdd
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Thu Apr 4 14:33:47 2024 +1300

    s3:libsmb_xattr: ace_compare() uses NUMERIC_CMP()
    
    the access_mask is the easiest to overflow with subtraction -- other
    fields are 8 or 16 bit.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Wed Apr 10 23:58:12 UTC 2024 on atb-devel-224
    
    (cherry picked from commit 81598b42455d6758941da532c668b6d4e969cc40)

commit 4d6f0ad643ca66435dc62d94d283301eee46b10b
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Thu Apr 4 14:08:02 2024 +1300

    s3:util:sharesec ace_compare() uses NUMERIC_CMP()
    
    ace->access_mask is uint32_t, so can overflow a signed int.
    This would be easy to trigger, as it is a flags field rather than an
    allocation count.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit e35d54fd4d381df67ab9b4f8390e2109b2142678)

commit e3f491e31932dc9d37ac683c4b84d2e0d85fec9b
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Apr 3 12:56:48 2024 +1300

    s3:smbcacls: use NUMERIC_CMP in ace_compare
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 31101a9fa1503be9d8137e42466f57d85136a156)

commit 48494283a66aba0d9d0e4ecd0f98e0c221019cf1
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Thu Apr 4 14:25:54 2024 +1300

    s3:util:net_registry: registry_value_cmp() uses NUMERIC_CMP()
    
    v->type is an int-sized enum, so overflow might be possible if it could
    be arbitrarily set.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 5e99262aaf5fc6601f3859c8b060b680b11bf6ea)

commit 27becb5a7fcb7c2fc0d5c2779e9fb427a5fbaeaa
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Apr 3 12:53:32 2024 +1300

    s4:wins: use NUMERIC_CMP in nbtd_wins_randomize1Clist_sort()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit a197be2003d7e248b1e1294f4ad5473f48762bce)

commit 20648aaf7fe9114b5c2440c6d353713b0e473137
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Thu Apr 4 14:16:21 2024 +1300

    s4:wins: winsdb_addr_sort_list() uses NUMERIC_CMP()
    
    expire_time is time_t, which is at least int-sized, so overflow is
    possible (if this code ever runs).
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit d8b97649ef4d3ccaf53878021be0e2d4824b982c)

commit 7acee3ae13a8b65b4f0d590113cfd6307c6da53c
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Apr 3 12:54:09 2024 +1300

    s4:wins: use NUMERIC_CMP in winsdb_addr_sort_list()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 66d47537e42caa528c7fab670d9c35d27c513cce)

commit a326992c07d0a4764d8249a07c9b089fbde53aa0
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Thu Apr 4 14:22:24 2024 +1300

    s4:dns_server: use NUMERIC_CMP in rec_cmp()
    
    dnsp_DnssrvRpcRecord.dwTimeStamp is uint32_t, making overflow possible.
    
    dnsp_DnssrvRpcRecord.wType is an enum, which has the size of an int,
    though it may be hard to set it to overflowing values.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 42ead213484840121ce6bc0db22941ea0a019105)

commit c6ed9351f818ea79cb545ad3d1e27a6f065803b4
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Thu Apr 4 14:10:45 2024 +1300

    s4:rpc_server: compare_SamEntry() uses NUMERIC_CMP()
    
    SamEntry.idx is uint32_t.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit ed3ab87bdb0f6c6a9ea6323ed240fe267220b759)

commit 395050286724371f9f78e5c420016351d6ef3229
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Thu Apr 4 14:01:24 2024 +1300

    s3:lib:util_tdb: use NUMERIC_CMP() in tdb_data_cmp()
    
    Although these are size_t, in practice TDB data is limited to 32 bit.
    Even so, overflow of a signed int is possible.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit dd4a0c276813b2c8516061110a7e580aa9afcf40)

commit 886818f5abbaa63e154f5b63dc92880c1ad678be
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Thu Apr 4 13:53:58 2024 +1300

    libcli/security: use NUMERIC_CMP in dom_sid_compare_auth()
    
    These numbers are all 8 bit, so overflow is unlikely.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 4641a97151783c2ae825582e91b4676d66dcb713)

commit bd548a92d42e73e89cfed4666f6e186d2606bc91
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Thu Apr 4 13:43:47 2024 +1300

    libcli/security: use NUMERIC_CMP in dom_sid_compare()
    
    sid->num_auths is always small (int8 < 16), so this is cosmetic only.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit cb94202c1cf990e871ee2e8e43c577a0e4b9ee6f)

commit c95b73014d3e3081e4288e4acc5a177475ce0b69
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Thu Apr 4 11:26:25 2024 +1300

    ldb: reduce non-transitive comparisons in ldb_msg_element_compare()
    
    We can still have inconsistent comparisons, because two elements with
    the same number of values will always return -1 if they are unequal,
    which means they will sort differently depending on the order in which
    they are compared.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 21a071e4864dd739840c2ad4adb0c71ec33f8427)

commit e0468b5a9edec8208a492f5260812981686071b5
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Thu Apr 4 11:22:58 2024 +1300

    ldb: avoid non-transitive comparison in ldb_val_cmp()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 5c36bc82415b246fccec9eae693da82b7aa45b81)

commit 7990f5a28415ad6ce8422f570f3a8a604bc91bac
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Thu Apr 4 11:07:06 2024 +1300

    util:datablob: avoid non-transitive comparison in data_blob_cmp()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit e1519c3667841ce27b15983eae378799ef9936f7)

commit f7e192e82f757c7c1cd3755f74b9be73c207a7d7
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Apr 3 17:43:03 2024 +1300

    ldb:attrib_handlers: ldb_comparison_binary uses NUMERIC_CMP()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 838c68470299045c5b1c9bdbd527edbeedebf2d6)

commit 4fa00be308350ea581084fab6f1da437ca0d3308
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Apr 3 17:32:48 2024 +1300

    ldb:attrib_handlers: ldb_comparison_Boolean uses NUMERIC_CMP()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit f78b964cd81db11097e78099c0699f571f20e126)

commit 1c6f16cdca9cd82a99642efead738cb355f2d534
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Apr 3 16:16:44 2024 +1300

    util: charset:util_str: use NUMERIC_CMP in strncasecmp_m_handle
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 997b72d79e651ddbc20e67006ae176229528dc6f)

commit 6a0daf6818b5c92b57b987334a5fc31a256c7afb
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Fri Apr 5 14:22:11 2024 +1300

    lib/torture: add assert_int_{less,greater} macros
    
    In some situations, like comparison functions for qsort, we don't care
    about the actual value, just whether it was greater or less than
    zero.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 6159b098cf35a8043682bfd4c4ea17ef0da6e8ee)

commit ccd94628b5805ac126dd7b716c2f70ba7e098b7f
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Apr 3 16:13:07 2024 +1300

    s3:libsmb:namequery: use NUMERIC_CMP in addr_compare
    
    This one was OK, as the numbers are tightly bound, but there is no
    real reason not to do it safely.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 3414a894ad6640fa8e282d650b1cc5319991545f)

commit f9a7ded26d139c630150d2e048082eb7901f81a6
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Apr 3 16:10:38 2024 +1300

    s3:libsmb:namequery: note intransitivity in addr_compare()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 4a9d274d43b1adac113419c649bbf530d180229d)

commit 77b78b453306a2176acd0b7d33f45aa51456c084
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Thu Apr 4 14:56:16 2024 +1300

    util:charset:codepoints: codepoint_cmpi warning about non-transitivity
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit f07ae6990702f8806c0c815454b80a5596b7219a)

commit 64d55301410f8e60e54910dd03a4c9a58df1bb0e
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Apr 3 15:53:29 2024 +1300

    util:charset:codepoints: condepoint_cmpi uses NUMERIC_CMP()
    
    If these are truly unicode codepoints (< ~2m) there is no overflow,
    but the type is defined as uint32_t.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 675fdeee3d6570fdf5a055890dc3386a8db5fd88)

commit 10c0087dac85477b8ead2511cb563598200edbe1
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Thu Apr 4 17:23:15 2024 +1300

    util:test: test_ms_fn_match_protocol_no_wildcard: allow -1
    
    We have changed strcasecmp_m() to return -1 in a place where it used
    to return -3. This upset a test, but it shouldn't have: the exact
    value of the negative int is not guaranteed by the function.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit d4ce8231f986a359dc657cd1a6b416270a53c7d3)

commit eb8fd60e10c54926fb49bb665fed85dbe3536ee7
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Apr 3 15:49:55 2024 +1300

    util:charset:util_str: use NUMERIC_CMP in strcasecmp_m_handle
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit f788a399996a73b2aa206ec2b15f5943b06660e0)

commit d18a62836c0821983ff8f9b7001475210c9bc813
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Fri Apr 5 14:46:48 2024 +1300

    torture:charset: test more of strcasecmp_m
    
    We now test cases:
    
    1. where the first string compares less
    2. one of the strings ends before the other
    3. the strings differ on a character other than the first.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit a512759d7b216cacc0a780b3304549b7945f919c)

commit 94b574cde1228563614df287c7de810deab2bac0
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Fri Apr 5 14:43:42 2024 +1300

    torture:charset: use < and > assertions for strncasecmp_m
    
    strncasecmp_m is supposed to return a negative, zero, or positive
    number, not necessarily the difference between the codepoints in
    the first  character that differs, which we have been asserting up to
    now.
    
    This fixes a knownfail on 32 bit.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit dda0bb6fc71bae91f3158f69462cb79fdad210fb)

commit 767344ee5128025f3af6f89e935240dd344a1855
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Fri Apr 5 13:14:38 2024 +1300

    torture:charset: use < and > assertions for strcasecmp_m
    
    strcasecmp_m is supposed to return a negative, zero, or positive
    number, depending on whether the first argument is less than, equal to,
    or greater than the second argument (respectively).
    
    We have been asserting that it returns exactly the difference between
    the codepoints in the first character that differs.
    
    This fixes a knownfail on 32 bit.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit ac0a8cd92ca4497bfcfad30e2b4d47547b582b92)

commit be4965c69c8475b657503e52d394a2f3a7b4d1f9
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Apr 3 15:47:10 2024 +1300

    util:binsearch: user NUMERIC_CMP()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 09c98ff1263eb05933f1956e201655dd41e28a0c)

commit 51fa8c0168e1bca4fdd0c2bde995593088c45199
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Apr 3 12:55:54 2024 +1300

    s4: use numeric_cmp in dns_common_sort_zones()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit ee4ebcccd7d9d89dda59615b3653df2632fb1a5d)

commit f94b87da1be55dac076ef9a137da151412d943f8
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Apr 3 12:55:27 2024 +1300

    s4:dsdb:mod:operational: use NUMERIC_CMP in pso_compare
    
    prec_{1,2} are uint32_t, and if one is not set we are defaulting to
    0xffffffff (a.k.a UINT32_MAX), so an overflow when cast to int seems
    extremely likely.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 623adcf4aae00ac06e82d98a75ce4644890501e6)

commit 3071a4af9a5a6095b73b997448fef03cf3e1c7b7
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Apr 3 12:52:50 2024 +1300

    s4:ntvfs: use NUMERIC_CMP in stream_name_cmp
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit a6d76d6ee9f7cfcabe2c20b872b8b1cb598928a6)

commit 696cca23e3edbf1e89fdf0af978ca0461c632321
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Apr 3 12:51:04 2024 +1300

    ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 75e51bd99b7a029afd98b55283eddad835319ed6)

commit 1b8ccbf031beecdb3824134dabcab296b9525a68
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Apr 3 12:50:47 2024 +1300

    ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare_base()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 5150b318f4894a8036b2a394c446afd513f8cb60)

commit 9e19cc171172e2fbbae6448087babbe60f744f09
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Apr 3 17:53:39 2024 +1300

    ldb: add NUMERIC_CMP macro to ldb.h
    
    In other places we tend to include tsort.h, which also has TYPESAFE_QSORT.
    
    ldb.h already has TYPESAFE_QSORT, so it might as well have NUMERIC_CMP.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit de1b94f79ea8694ecdddab4b455d539caa7e77e2)

commit b46af17050b78c19327fea537cd6d45fa89c4e3d
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Apr 3 12:43:27 2024 +1300

    util:tsort.h: add a macro for safely comparing numbers
    
    In many places we use `return a - b;` in a comparison function. This can
    be problematic if the comparison is used in a sort, as `a - b` is not
    guaranteed to do what we expect. For example:
    
    * if a and b are 2s-complement ints, a is INT_MIN and b is INT_MAX, then
      a - b = 1, which is wrong.
    
    * if a and b are 64 bit pointers, a - b could wrap around many times in
      a cmp function returning 32 bit ints. (We do this often).
    
    The issue is not just that a sort could go haywire.
    Due to a bug in glibc, this could result in out-of-bounds access:
    
    https://www.openwall.com/lists/oss-security/2024/01/30/7
    
    (We have replicated this bug in ldb_qsort).
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 5ab93f48c575db1a3c5a707258cc44f707a5eeb0)

commit 3a840553cfbf97ef434626afb657dd4b8ef16b2d
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Thu Mar 28 12:57:54 2024 +1300

    lib/fuzzing/decode_ndr_X_crash: guess the pipe from filename
    
    Usually we are dealing with a filename that tells you what the pipe is,
    and there is no reason for this debug helper not to be convenient
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 8b6a584170eeb5082a188879be88e5f414b0be81)

commit c206d3d20c82d860ffe911025b8a5255f32858d6
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Thu Apr 4 11:06:00 2024 +1300

    ldb: avoid out of bounds read and write in ldb_qsort()
    
    If a compare function is non-transitive (for example, if it evaluates
    A > B and B > C, but A < C), this implementation of qsort could access
    out-of-bounds memory. This was found in glibc's qsort by Qualys, and
    their write-up for OSS-Security explains it very well:
    
     https://www.openwall.com/lists/oss-security/2024/01/30/7
    
    An example of a non-transitive compare is one which does this:
    
     int cmp(const void *_a, const void *_b)
     {
            int a = *(int *)_a;
            int b = *(int *)_b;
            return a - b;
     }
    
    which does the right thing when the magnitude of the numbers is small,
    but which will go wrong if a is INT_MIN and b is INT_MAX. Likewise, if
    a and b are e.g. uint32_t, the value can wrap when cast to int.
    
    We have functions that are non-transitive regardless of subtraction.
    For example, here (which is not used with ldb_qsort):
    
     int codepoint_cmpi(codepoint_t c1, codepoint_t c2)
            if (c1 == c2 ||
                toupper_m(c1) == toupper_m(c2)) {
                    return 0;
            }
            return c1 - c2;
     }
    
    The toupper_m() is only called on equality case. Consider {'a', 'A', 'B'}.
         'a' == 'A'
         'a' >  'B'  (lowercase letters come after upper)
         'A' <  'B'
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15569
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 73e4f6026ad04b73074b413bd8c838ca48ffde7f)

commit e2191933876aab52bd039a7150d88e80df7aaac7
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Thu May 30 10:44:24 2024 +1200

    examples:winexe: embed Samba version as exe timestamp
    
    It turns out the timestamp doesn't need to be real, and it isn't used,
    but it might as well tell you something. So let's make it tell you what
    version of Samba it came from, which could be useful for people who have
    lots of old winexes lying around, the poor souls.
    
    00000040  0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
    00000050  69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
    00000060  74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
    00000070  6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|
    00000080  50 45 00 00 64 86 0a 00  00 15 04 00 00 00 00 00  |PE..d...........|
                                        |  |  |
                                        |  |  major  4.
                                        |  minor     21.
                                        release      0
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13213
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
    Autobuild-Date(master): Fri May 31 01:28:06 UTC 2024 on atb-devel-224
    
    (cherry picked from commit 3a7dbf8b77b2a9e7cdc55bc5b339b9f501d037aa)

commit b1173444ff88a81cc6d72d1eb124e76022b771bc
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Tue May 28 11:34:51 2024 +1200

    examples:winexe: reproducible builds with zero timestamp
    
    Windows Portable Executable files have a timestamp field and a
    checksum field. By default the timestamp field is updated to the
    current time, which consequently changes the checksum. This makes the
    build nondeterministic. It looks like this:
    
      --- a/tmp/winexe-1/winexesvc64_exe_binary.c
      +++ b/tmp/winexe-2/winexesvc64_exe_binary.c
      @@ -23,7 +23,7 @@ const DATA_BLOB *winexesvc64_exe_binary(void)
                    0x6D, 0x6F, 0x64, 0x65, 0x2E, 0x0D, 0x0D, 0x0A,
                    0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                    0x50, 0x45, 0x00, 0x00, 0x64, 0x86, 0x0A, 0x00,
      -             0xB2, 0x16, 0x55, 0x66, 0x00, 0x00, 0x00, 0x00,
      +             0xD3, 0x3B, 0x55, 0x66, 0x00, 0x00, 0x00, 0x00,
                    0x00, 0x00, 0x00, 0x00, 0xF0, 0x00, 0x2E, 0x02,
                    0x0B, 0x02, 0x02, 0x26, 0x00, 0x86, 0x00, 0x00,
                    0x00, 0xBA, 0x00, 0x00, 0x00, 0x0C, 0x00, 0x00,
      @@ -33,7 +33,7 @@ const DATA_BLOB *winexesvc64_exe_binary(void)
                    0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                    0x05, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
                    0x00, 0x40, 0x01, 0x00, 0x00, 0x04, 0x00, 0x00,
      -             0x73, 0xD7, 0x00, 0x00, 0x03, 0x00, 0x60, 0x01,
      +             0x94, 0xFC, 0x00, 0x00, 0x03, 0x00, 0x60, 0x01,
                    0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00,
                    0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                    0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00,
    
    https://learn.microsoft.com/en-us/windows/win32/debug/pe-format says
    that a timestamp of zero can be used to represent a time that is not
    "real or meaningful", so we do that.
    
    As far as I can tell, the timestamp and checksum are only used in
    DLLs, not directly executed .exe files.
    
    Thanks to Freexian and the Debian LTS project for sponsoring this work.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13213
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit e604f7575167d3572e1b67c6e77ab7273508533d)

commit e7c132a4a2cc3ff2803aff03f94e98615eb4e185
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Tue May 28 12:17:06 2024 +1200

    buildtools:pidl: avoid hash randomisation in pidl
    
    Like many languages, Perl uses hash randomisation to prevent nasty
    users using crafted values that hash to the same number to effect a
    denial of service. This means the traversal order of perl HASH tables
    is different every time.
    
    The IDL handed to pidl is trusted, so we don't really need
    randomisation, but we do want to be sure the build is the same every
    time.
    
    I am not aware of hash randomisation causing problems, but it seems
    prudent to avoid it.
    
    We do a similar thing with PYTHONHASHSEED for the entire build.
    
    Thanks to Freexian and the Debian LTS project for sponsoring this work.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13213
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 068b366709d005275727a0e8929d272c04cb7bd8)

commit eb480df1baf2efdee1fd9b79e1548b17dc7a82db
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed May 29 12:14:04 2024 +1200

    pidl:Typelist: resolveType(): don't mistake a reference for a name
    
    This function is only used by Python.pm, and was assuming any argument
    unrecognised by hasType is a name. It sometimes isn't, resulting in
    structures like this:
    
    	{
    	  'DATA' => {
    		      'TYPE' => 'STRUCT'
    		    },
    	  'NAME' => {
    		      'TYPE' => 'STRUCT',
    		      'ALIGN' => undef,
    		      'SURROUNDING_ELEMENT' => undef,
    		      'ORIGINAL' => {
    				      'TYPE' => 'STRUCT',
    				      'FILE' => 'source3/librpc/idl/smbXsrv.idl',
    				      'LINE' => 101,
    				      'NAME' => 'tevent_context'
    				    },
    		      'ELEMENTS' => undef,
    		      'NAME' => 'tevent_context',
    		      'PROPERTIES' => undef
    		    },
    	  'TYPE' => 'TYPEDEF'
          };
    
    The problem with that is we end up with the HASH reference as a name
    in Python bindings, like this
    
          PyErr_SetString(PyExc_TypeError, "Can not convert C Type struct HASH(0x5e2dfe5ee278) from Python");
    
    which makes the build nondeterministic (as well as making the message
    a little mysterious).
    
    I think all the structures for which this happens are marked
    '[ignore]' in IDL, meaning they are not transmitted on the wire. They
    should perhaps also not have useless Python getsetters, but let's call
    that a different problem.
    
    Thanks to Freexian and the Debian LTS project for sponsoring this work.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13213
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit f3433f60b8ee83fc785a6e6838513de31bff5a6a)

-----------------------------------------------------------------------

Summary of changes:
 auth/gensec/gensec_start.c                      |  2 +-
 buildtools/wafsamba/samba_pidl.py               |  4 +-
 examples/winexe/wscript                         | 21 ++++++
 examples/winexe/wscript_build                   |  4 +-
 lib/fuzzing/decode_ndr_X_crash                  | 12 +++-
 lib/ldb-samba/ldif_handlers.c                   | 94 ++++++++++++++++---------
 lib/ldb/common/attrib_handlers.c                | 53 +++++++++++---
 lib/ldb/common/ldb_dn.c                         | 30 +++++++-
 lib/ldb/common/ldb_msg.c                        | 13 +++-
 lib/ldb/common/qsort.c                          |  2 +-
 lib/ldb/include/ldb.h                           | 16 +++++
 lib/ldb/modules/sort.c                          | 19 ++++-
 lib/socket/interfaces.c                         | 22 +++---
 lib/torture/torture.h                           | 20 ++++++
 lib/util/charset/codepoints.c                   | 15 +++-
 lib/util/charset/tests/charset.c                | 31 ++++----
 lib/util/charset/util_str.c                     |  9 +--
 lib/util/data_blob.c                            |  5 +-
 lib/util/tests/binsearch.c                      |  6 +-
 lib/util/tests/test_ms_fnmatch.c                |  2 +-
 lib/util/tsort.h                                | 19 +++++
 libcli/security/dom_sid.c                       | 14 ++--
 pidl/lib/Parse/Pidl/Typelist.pm                 | 14 +++-
 selftest/knownfail-32bit                        |  8 ---
 source3/lib/util_tdb.c                          |  4 +-
 source3/libsmb/libsmb_xattr.c                   | 14 ++--
 source3/libsmb/namequery.c                      | 14 +++-
 source3/libsmb/nmblib.c                         |  6 +-
 source3/locking/brlock.c                        |  7 +-
 source3/modules/posixacl_xattr.c                |  6 +-
 source3/modules/vfs_vxfs.c                      |  6 +-
 source3/rpc_server/wkssvc/srv_wkssvc_nt.c       |  2 +-
 source3/utils/net_registry.c                    |  2 +-
 source3/utils/sharesec.c                        |  8 +--
 source3/utils/smbcacls.c                        | 15 ++--
 source4/dns_server/dnsserver_common.c           |  6 +-
 source4/dsdb/samdb/ldb_modules/operational.c    |  2 +-
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 17 +++--
 source4/dsdb/schema/schema_set.c                | 14 ++--
 source4/nbt_server/wins/winsdb.c                |  5 +-
 source4/nbt_server/wins/winsserver.c            |  3 +-
 source4/ntvfs/posix/pvfs_streams.c              |  3 +-
 source4/rpc_server/dnsserver/dnsdata.c          | 16 ++++-
 source4/rpc_server/samr/dcesrv_samr.c           |  7 +-
 44 files changed, 419 insertions(+), 173 deletions(-)


Changeset truncated at 500 lines:

diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
index 072188a6752..bcf98bd5968 100644
--- a/auth/gensec/gensec_start.c
+++ b/auth/gensec/gensec_start.c
@@ -1103,7 +1103,7 @@ _PUBLIC_ const struct gensec_critical_sizes *gensec_interface_version(void)
 }
 
 static int sort_gensec(const struct gensec_security_ops **gs1, const struct gensec_security_ops **gs2) {
-	return (*gs2)->priority - (*gs1)->priority;
+	return NUMERIC_CMP((*gs2)->priority, (*gs1)->priority);
 }
 
 int gensec_setting_int(struct gensec_settings *settings, const char *mechanism, const char *name, int default_value)
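Review bot: In `sort_gensec` the arguments are passed to `NUMERIC_CMP` in swapped order (`gs2` first), which is what keeps the sort descending by priority, and nothing in the function says so. A later cleanup could "fix" the order and silently invert mechanism selection, so I would add a one-line comment above the return such as `/* gs2 before gs1: higher priority sorts first */`. The hunk does not show an include for the header that defines `NUMERIC_CMP` (the commit log places it in `lib/util/tsort.h`), so it is worth confirming that this file already pulls it in.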
diff --git a/buildtools/wafsamba/samba_pidl.py b/buildtools/wafsamba/samba_pidl.py
index 72997c8bf84..e1010869cdd 100644
--- a/buildtools/wafsamba/samba_pidl.py
+++ b/buildtools/wafsamba/samba_pidl.py
@@ -81,7 +81,9 @@ def SAMBA_PIDL(bld, pname, source,
         else:
             cc = 'CC="%s"' % bld.CONFIG_GET("CC")
 
-    t = bld(rule='cd ${PIDL_LAUNCH_DIR} && %s%s %s ${PERL} ${PIDL} --quiet ${OPTIONS} --outputdir ${OUTPUTDIR} -- "${IDLSRC}"' % (pidl_dev, cpp, cc),
+    t = bld(rule=('cd ${PIDL_LAUNCH_DIR} && PERL_HASH_SEED=0 %s%s %s ${PERL} '
+                  '${PIDL} --quiet ${OPTIONS} --outputdir ${OUTPUTDIR} -- "${IDLSRC}"' %
+                  (pidl_dev, cpp, cc)),
             ext_out    = '.c',
             before     = 'c',
             update_outputs = True,
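Review bot: The `PERL_HASH_SEED=0` prefix added to the pidl rule switches off Perl's hash randomisation, and nothing at the call site says why that is acceptable. The reasoning (the IDL given to pidl is trusted, and a fixed seed keeps generated output reproducible) lives only in the commit message. I would put it next to the rule, for example `# PERL_HASH_SEED=0: IDL input is trusted; fixed seed keeps pidl output reproducible`, so that anyone reusing this rule for IDL from a less trusted source sees the assumption. `SAMBA_PIDL` starts and continues outside this hunk.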
diff --git a/examples/winexe/wscript b/examples/winexe/wscript
index 6b311b1da41..c4f13b89f01 100644
--- a/examples/winexe/wscript
+++ b/examples/winexe/wscript
@@ -1,4 +1,6 @@
 #!/usr/bin/env python
+import os
+
 
 def configure(conf):
     AR32 = ['i386', 'i586', 'i686']
@@ -27,5 +29,24 @@ def configure(conf):
             conf.DEFINE('HAVE_WINEXE_CC_WIN64', 1);
             break
 
+    source_date_epoch = os.environ.get('SOURCE_DATE_EPOCH')
+    if source_date_epoch is None:
+        # We use the version to make up the timestamp that will be
+        # embedded in winexe.exe, to keep the build reproducible.
+        #
+        # This is less evil than it sounds. According to Raymond Chen in
+        # https://devblogs.microsoft.com/oldnewthing/20180103-00/?p=97705
+        # since Windows 10 the timestamp has been randomised.
+        #
+        # The purpose of the timestamp in Windows PE files seems to be
+        # to make spotting ABI changes in DLLs quicker, for which a
+        # random number is just as good as a real time. The timestamp
+        # in .exe files is not used.
+        import samba_version
+        v = samba_version.load_version(env=conf.env)
+        version = (v.MAJOR << 16) | (v.MINOR << 8) | v.RELEASE
+        source_date_epoch = str(version)
+
+    conf.env.SOURCE_DATE_EPOCH = source_date_epoch
     conf.DEFINE("WINEXE_LDFLAGS",
                 "-s -Wall -Wl,-Bstatic -Wl,-Bdynamic -luserenv")
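Review bot: When `SOURCE_DATE_EPOCH` is already set in the environment, `configure` stores it in `conf.env` unchecked, and the `wscript_build` hunks of this changeset then interpolate it into the compiler rule strings as `SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH} ...`. If those rules are run through a shell (not visible here), a value containing spaces or shell metacharacters would change the command line rather than just the timestamp. A check right after the `os.environ.get` call keeps the value to what the variable is meant to hold: `if source_date_epoch is not None and not source_date_epoch.isdigit(): conf.fatal('SOURCE_DATE_EPOCH must be a decimal integer')`. The fallback branch also assumes `v.MINOR` and `v.RELEASE` each fit in 8 bits, which deserves a short comment next to the shift expression.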
diff --git a/examples/winexe/wscript_build b/examples/winexe/wscript_build
index 364683405c2..1fe019c16b4 100644
--- a/examples/winexe/wscript_build
+++ b/examples/winexe/wscript_build
@@ -69,7 +69,7 @@ bld.SAMBA_GENERATOR(
     'winexesvc32_exe',
     source='winexesvc.c',
     target='winexesvc32.exe',
-    rule='${WINEXE_CC_WIN32} ${SRC} -o ${TGT} ${WINEXE_LDFLAGS}',
+    rule='SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH} ${WINEXE_CC_WIN32} ${SRC} -o ${TGT} ${WINEXE_LDFLAGS}',
     enabled=bld.env.build_winexe and bld.env.WINEXE_CC_WIN32)
 
 vars = {"WINEXE_FN": "winexesvc32_exe_binary"}
@@ -89,7 +89,7 @@ bld.SAMBA_GENERATOR(
     'winexesvc64_exe',
     source='winexesvc.c',
     target='winexesvc64.exe',
-    rule='${WINEXE_CC_WIN64} ${SRC} -o ${TGT} ${WINEXE_LDFLAGS}',
+    rule='SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH} ${WINEXE_CC_WIN64} ${SRC} -o ${TGT} ${WINEXE_LDFLAGS}',
     enabled=bld.env.build_winexe and bld.env.WINEXE_CC_WIN64)
 
 vars = {"WINEXE_FN": "winexesvc64_exe_binary"}
diff --git a/lib/fuzzing/decode_ndr_X_crash b/lib/fuzzing/decode_ndr_X_crash
index 63c3cd747d7..d90e7efe122 100755
--- a/lib/fuzzing/decode_ndr_X_crash
+++ b/lib/fuzzing/decode_ndr_X_crash
@@ -61,8 +61,9 @@ def process_one_file(f):
 
 def main():
     parser = argparse.ArgumentParser()
-    parser.add_argument('-p', '--pipe', default='$PIPE',
-                        help='pipe name (for output command line)')
+    parser.add_argument('-p', '--pipe', default=None,
+                        help=('pipe name (for output command line, '
+                              'default is a guess or "$PIPE")'))
     parser.add_argument('-t', '--type', default=None, choices=TYPES,
                         help='restrict to this type')
     parser.add_argument('-o', '--opnum', default=None, type=int,
@@ -91,6 +92,13 @@ def main():
         sys.exit(1)
 
     for fn in args.FILES:
+        if pipe is None:
+            m = re.search(r'clusterfuzz-testcase.+-fuzz_ndr_([a-z]+)', fn)
+            if m is None:
+                pipe = '$PIPE'
+            else:
+                pipe = m.group(1)
+
         if args.crash_filter is not None:
             if not re.search(args.crash_filter, fn):
                 print_if_verbose(f"skipping {fn}")
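Review bot: The `if pipe is None:` guess sits inside the `for fn in args.FILES:` loop but assigns to the loop-external `pipe`, so it runs only for the first file. After that `pipe` holds either that file's match or `'$PIPE'`, and every later file reuses it even when its own name points at a different `fuzz_ndr_*` target. This assumes `pipe` is initialised from `args.pipe` before the loop, which is outside the hunk. Guessing into a per-iteration variable would fix it, e.g. `file_pipe = pipe` at the top of the loop body, then `if file_pipe is None:` with the two assignments going to `file_pipe`, and `file_pipe` used for the rest of the iteration. `main()` starts and continues outside this hunk.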
diff --git a/lib/ldb-samba/ldif_handlers.c b/lib/ldb-samba/ldif_handlers.c
index c30fd6358c8..4f9d67ec6a6 100644
--- a/lib/ldb-samba/ldif_handlers.c
+++ b/lib/ldb-samba/ldif_handlers.c
@@ -150,36 +150,47 @@ bool ldif_comparision_objectSid_isString(const struct ldb_val *v)
 
 /*
   compare two objectSids
+
+  If the SIDs seem to be strings, they are converted to binary form.
 */
 static int ldif_comparison_objectSid(struct ldb_context *ldb, void *mem_ctx,
 				    const struct ldb_val *v1, const struct ldb_val *v2)
 {
-	if (ldif_comparision_objectSid_isString(v1) && ldif_comparision_objectSid_isString(v2)) {
-		return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
-	} else if (ldif_comparision_objectSid_isString(v1)
-		   && !ldif_comparision_objectSid_isString(v2)) {
-		struct ldb_val v;
-		int ret;
-		if (ldif_read_objectSid(ldb, mem_ctx, v1, &v) != 0) {
-			/* Perhaps not a string after all */
-			return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
+	bool v1_is_string = ldif_comparision_objectSid_isString(v1);
+	bool v2_is_string = ldif_comparision_objectSid_isString(v2);
+	struct ldb_val parsed_1 = {};
+	struct ldb_val parsed_2 = {};
+	int ret;
+	/*
+	 * If the ldb_vals look like SID strings (i.e. start with "S-"
+	 * or "s-"), we try to parse them as such. If that fails, we
+	 * assume they are binary SIDs, even though that's not really
+	 * possible -- the first two bytes of a struct dom_sid are the
+	 * version (1), and the number of sub-auths (<= 15), neither
+	 * of which are close to 'S' or '-'.
+	 */
+	if (v1_is_string) {
+		int r = ldif_read_objectSid(ldb, mem_ctx, v1, &parsed_1);
+		if (r == 0) {
+			v1 = &parsed_1;
 		}
-		ret = ldb_comparison_binary(ldb, mem_ctx, &v, v2);
-		talloc_free(v.data);
-		return ret;
-	} else if (!ldif_comparision_objectSid_isString(v1)
-		   && ldif_comparision_objectSid_isString(v2)) {
-		struct ldb_val v;
-		int ret;
-		if (ldif_read_objectSid(ldb, mem_ctx, v2, &v) != 0) {
-			/* Perhaps not a string after all */
-			return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
+	}
+	if (v2_is_string) {
+		int r = ldif_read_objectSid(ldb, mem_ctx, v2, &parsed_2);
+		if (r == 0) {
+			v2 = &parsed_2;
 		}
-		ret = ldb_comparison_binary(ldb, mem_ctx, v1, &v);
-		talloc_free(v.data);
-		return ret;
 	}
-	return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
+
+	ret = ldb_comparison_binary(ldb, mem_ctx, v1, v2);
+
+	if (v1_is_string) {
+		TALLOC_FREE(parsed_1.data);
+	}
+	if (v2_is_string) {
+		TALLOC_FREE(parsed_2.data);
+	}
+	return ret;
 }
 
 /*
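Review bot: The `if (v1_is_string)` and `if (v2_is_string)` guards around `TALLOC_FREE(parsed_1.data)` and `TALLOC_FREE(parsed_2.data)` at the end of ldif_comparison_objectSid add nothing. Both structs start out zeroed and TALLOC_FREE does nothing on a NULL pointer, so the two frees can be unconditional, which also makes it obvious that no path leaks a parsed buffer. Separately, `struct ldb_val parsed_1 = {};` uses the empty initializer, which is standard only from C23; `= {0}` or `= { .data = NULL }` is the portable spelling.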
@@ -1148,22 +1159,41 @@ static int samba_ldb_dn_link_comparison(struct ldb_context *ldb, void *mem_ctx,
 	struct ldb_dn *dn1 = NULL, *dn2 = NULL;
 	int ret;
 
+	/*
+	 * In a sort context, Deleted DNs get shifted to the end.
+	 * They never match in an equality
+	 */
 	if (dsdb_dn_is_deleted_val(v1)) {
-		/* If the DN is deleted, then we can't search for it */
-		return -1;
-	}
-
-	if (dsdb_dn_is_deleted_val(v2)) {
-		/* If the DN is deleted, then we can't search for it */
+		if (! dsdb_dn_is_deleted_val(v2)) {
+			return 1;
+		}
+		/*
+		 * They are both deleted!
+		 *
+		 * The soundest thing to do at this point is carry on
+		 * and compare the DNs normally. This matches the
+		 * behaviour of samba_dn_extended_match() below.
+		 */
+	} else if (dsdb_dn_is_deleted_val(v2)) {
 		return -1;
 	}
 
 	dn1 = ldb_dn_from_ldb_val(mem_ctx, ldb, v1);
-	if ( ! ldb_dn_validate(dn1)) return -1;
-
 	dn2 = ldb_dn_from_ldb_val(mem_ctx, ldb, v2);
+
+	if ( ! ldb_dn_validate(dn1)) {
+		TALLOC_FREE(dn1);
+		if ( ! ldb_dn_validate(dn2)) {
+			TALLOC_FREE(dn2);
+			return 0;
+		}
+		TALLOC_FREE(dn2);
+		return 1;
+	}
+
 	if ( ! ldb_dn_validate(dn2)) {
-		talloc_free(dn1);
+		TALLOC_FREE(dn1);
+		TALLOC_FREE(dn2);
 		return -1;
 	}
 
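Review bot: In samba_ldb_dn_link_comparison, two values that both fail ldb_dn_validate() now hit `return 0;`, so any two malformed DN values compare equal. That matters if this comparator also decides equality matches, as the added comment suggests. Ordering the both-invalid pair by raw bytes keeps the ordering consistent and keeps distinct values distinct: replace that `return 0;` with `return ldb_comparison_binary(ldb, mem_ctx, v1, v2);`. ldb_dn_compare in lib/ldb/common/ldb_dn.c gets the same pattern (`dn0->invalid && dn1->invalid`, and both-NULL, return 0); no raw value is at hand there, so its header comment should say that 0 does not mean the two DNs are the same. The function starts before and continues after this hunk.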
diff --git a/lib/ldb/common/attrib_handlers.c b/lib/ldb/common/attrib_handlers.c
index 15470cfcc74..3d13e4bd9fd 100644
--- a/lib/ldb/common/attrib_handlers.c
+++ b/lib/ldb/common/attrib_handlers.c
@@ -281,15 +281,36 @@ static int ldb_canonicalise_Boolean(struct ldb_context *ldb, void *mem_ctx,
 }
 
 /*
-  compare two Booleans
-*/
+ * compare two Booleans.
+ *
+ * According to RFC4517 4.2.2, "the booleanMatch rule is an equality matching
+ * rule", meaning it isn't used for ordering.
+ *
+ * However, it seems conceivable that Samba could be coerced into sorting on a
+ * field with Boolean syntax, so we might as well have consistent behaviour in
+ * that case.
+ *
+ * The most probably values are {"FALSE", 5} and {"TRUE", 4}. To save time we
+ * compare first by length, which makes FALSE > TRUE. This is somewhat
+ * contrary to convention, but is how Samba has worked forever.
+ *
+ * If somehow we are comparing incompletely normalised values where the length
+ * is the same (for example {"false", 5} and {"TRUE\0", 5}), the length is the
+ * same, and we fall back to a strncasecmp. In this case, since "FALSE" is
+ * alphabetically lower, we swap the order, so that "TRUE\0" again comes
+ * before "FALSE".
+ *
+ * ldb_canonicalise_Boolean (just above) gives us a clue as to what we might
+ * expect to cope with by way of invalid values.
+ */
 static int ldb_comparison_Boolean(struct ldb_context *ldb, void *mem_ctx,
 			   const struct ldb_val *v1, const struct ldb_val *v2)
 {
 	if (v1->length != v2->length) {
-		return v1->length - v2->length;
+		return NUMERIC_CMP(v2->length, v1->length);
 	}
-	return strncasecmp((char *)v1->data, (char *)v2->data, v1->length);
+	/* reversed, see long comment above */
+	return strncasecmp((char *)v2->data, (char *)v1->data, v1->length);
 }
 
 
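Review bot: The new comment above ldb_comparison_Boolean has two wording slips that make a dense explanation harder to follow. "The most probably values" should read `The most probable values`, and the fourth paragraph says "the length is the same" twice in one sentence; `If somehow we are comparing incompletely normalised values of equal length (for example ...), we fall back to a strncasecmp.` says the same thing once.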
@@ -300,7 +321,7 @@ int ldb_comparison_binary(struct ldb_context *ldb, void *mem_ctx,
 			  const struct ldb_val *v1, const struct ldb_val *v2)
 {
 	if (v1->length != v2->length) {
-		return v1->length - v2->length;
+		return NUMERIC_CMP(v1->length, v2->length);
 	}
 	return memcmp(v1->data, v2->data, v1->length);
 }
@@ -372,17 +393,27 @@ utf8str:
 	b2 = ldb_casefold(ldb, mem_ctx, s2, n2);
 
 	if (!b1 || !b2) {
-		/* One of the strings was not UTF8, so we have no
-		 * options but to do a binary compare */
+		/*
+		 * One of the strings was not UTF8, so we have no
+		 * options but to do a binary compare.
+		 */
 		talloc_free(b1);
 		talloc_free(b2);
 		ret = memcmp(s1, s2, MIN(n1, n2));
 		if (ret == 0) {
-			if (n1 == n2) return 0;
+			if (n1 == n2) {
+				return 0;
+			}
 			if (n1 > n2) {
-				return (int)ldb_ascii_toupper(s1[n2]);
+				if (s1[n2] == '\0') {
+					return 0;
+				}
+				return 1;
 			} else {
-				return -(int)ldb_ascii_toupper(s2[n1]);
+				if (s2[n1] == '\0') {
+					return 0;
+				}
+				return -1;
 			}
 		}
 		return ret;
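Review bot: In the binary fallback, a value whose byte at the shorter length is NUL (`s1[n2] == '\0'`) is now reported equal to the shorter value whatever follows that NUL. So "abc\0x" and "abc\0y" both equal "abc" yet differ from each other under the memcmp. If values with embedded NULs can reach this path (not determinable from the hunk), equality here is still not transitive. At minimum the branch should carry a comment such as `/* treat s1 as NUL-terminated at n2: bytes after the NUL are ignored */`, with the matching one on the `s2[n1]` branch. The function starts before this hunk.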
@@ -404,7 +435,7 @@ utf8str:
 		while (*u1 == ' ') u1++;
 		while (*u2 == ' ') u2++;
 	}
-	ret = (int)(*u1 - *u2);
+	ret = NUMERIC_CMP(*u1, *u2);
 
 	talloc_free(b1);
 	talloc_free(b2);
diff --git a/lib/ldb/common/ldb_dn.c b/lib/ldb/common/ldb_dn.c
index 601da57a1b1..8388fdb7318 100644
--- a/lib/ldb/common/ldb_dn.c
+++ b/lib/ldb/common/ldb_dn.c
@@ -1111,7 +1111,7 @@ int ldb_dn_compare_base(struct ldb_dn *base, struct ldb_dn *dn)
 
 		/* compare attr.cf_value. */
 		if (b_vlen != dn_vlen) {
-			return b_vlen - dn_vlen;
+			return NUMERIC_CMP(b_vlen, dn_vlen);
 		}
 		ret = strncmp(b_vdata, dn_vdata, b_vlen);
 		if (ret != 0) return ret;
@@ -1132,8 +1132,32 @@ int ldb_dn_compare(struct ldb_dn *dn0, struct ldb_dn *dn1)
 {
 	unsigned int i;
 	int ret;
+	/*
+	 * If used in sort, we shift NULL and invalid DNs to the end.
+	 *
+	 * If ldb_dn_casefold_internal() fails, that goes to the end too, so
+	 * we end up with:
+	 *
+	 * | normal DNs, sorted | casefold failed DNs | invalid DNs | NULLs |
+	 */
 
-	if (( ! dn0) || dn0->invalid || ! dn1 || dn1->invalid) {
+	if (dn0 == dn1) {
+		/* this includes the both-NULL case */
+		return 0;
+	}
+	if (dn0 == NULL) {
+		return 1;
+	}
+	if (dn1 == NULL) {
+		return -1;
+	}
+	if (dn0->invalid && dn1->invalid) {
+		return 0;
+	}
+	if (dn0->invalid) {
+		return 1;
+	}
+	if (dn1->invalid) {
 		return -1;
 	}
 
@@ -1190,7 +1214,7 @@ int ldb_dn_compare(struct ldb_dn *dn0, struct ldb_dn *dn1)
 
 		/* compare attr.cf_value. */
 		if (dn0_vlen != dn1_vlen) {
-			return dn0_vlen - dn1_vlen;
+			return NUMERIC_CMP(dn0_vlen, dn1_vlen);
 		}
 		ret = strncmp(dn0_vdata, dn1_vdata, dn0_vlen);
 		if (ret != 0) {
diff --git a/lib/ldb/common/ldb_msg.c b/lib/ldb/common/ldb_msg.c
index afddbe40ef6..c334d70747a 100644
--- a/lib/ldb/common/ldb_msg.c
+++ b/lib/ldb/common/ldb_msg.c
@@ -93,7 +93,7 @@ struct ldb_val *ldb_msg_find_val(const struct ldb_message_element *el,
 static int ldb_val_cmp(const struct ldb_val *v1, const struct ldb_val *v2)
 {
 	if (v1->length != v2->length) {
-		return v1->length - v2->length;
+		return NUMERIC_CMP(v1->length, v2->length);
 	}
 	return memcmp(v1->data, v2->data, v1->length);
 }
@@ -749,9 +749,16 @@ int ldb_msg_element_compare(struct ldb_message_element *el1,
 	unsigned int i;
 
 	if (el1->num_values != el2->num_values) {
-		return el1->num_values - el2->num_values;
+		return NUMERIC_CMP(el1->num_values, el2->num_values);
 	}
-
+	/*
+	 * Note this is an inconsistent comparison, unsuitable for
+	 * sorting. If A has values {a, b} and B has values {b, c},
+	 * then
+	 *
+	 * ldb_msg_element_compare(A, B) returns -1, meaning A < B
+	 * ldb_msg_element_compare(B, A) returns -1, meaning B < A
+	 */
 	for (i=0;i<el1->num_values;i++) {
 		if (!ldb_msg_find_val(el2, &el1->values[i])) {
 			return -1;
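Review bot: The warning that ldb_msg_element_compare is unsuitable for sorting sits inside the function body, where someone reading only the declaration will not find it. The same caveat belongs in the function's header comment and, if the prototype is documented in ldb.h (not visible here), next to it as well, for example `Not an ordering: a non-zero result says only that the elements differ; do not use as a sort comparator.` The function continues past the end of this hunk, so the meaning of the final return value is assumed rather than seen.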
diff --git a/lib/ldb/common/qsort.c b/lib/ldb/common/qsort.c
index 012aaf3c403..bae35e6b1b1 100644
--- a/lib/ldb/common/qsort.c
+++ b/lib/ldb/common/qsort.c
@@ -227,7 +227,7 @@ void ldb_qsort (void *const pbase, size_t total_elems, size_t size,
     while ((run_ptr += size) <= end_ptr)
       {
 	tmp_ptr = run_ptr - size;
-	while ((*cmp) ((void *) run_ptr, (void *) tmp_ptr, opaque) < 0)
+	while (tmp_ptr > base_ptr && (*cmp) ((void *) run_ptr, (void *) tmp_ptr, opaque) < 0)
 	  tmp_ptr -= size;
 
 	tmp_ptr += size;
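Review bot: The new `tmp_ptr > base_ptr` bound deserves a comment, because nothing in the loop says why it is needed. As far as this hunk shows, the backward scan used to stop only when the comparison said so, which is safe only if an element no greater than `run_ptr` always sits at the start of the array. A comparator that is not a consistent total order breaks that assumption and lets `tmp_ptr` step below the array. Suggested comment above the loop: `/* Bound the scan: an inconsistent cmp() must not walk tmp_ptr off the start of the array. */`. ldb_qsort begins and ends outside the hunk, so the sentinel setup is assumed, not seen.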
diff --git a/lib/ldb/include/ldb.h b/lib/ldb/include/ldb.h
index 5d83a270573..98859d47b9a 100644
--- a/lib/ldb/include/ldb.h
+++ b/lib/ldb/include/ldb.h
@@ -2326,6 +2326,22 @@ do { \
 } while (0)
 #endif
 
+#ifndef NUMERIC_CMP
+/*
+ * NUMERIC_CMP is a safe replacement for `a - b` in comparison
+ * functions. It will work on integers, pointers, and floats.
+ *
+ * Rather than
+ *
+ *      return a - b;
+ *
+ * use
+ *
+ *     return NUMERIC_CMP(a, b);
+ */
+#define NUMERIC_CMP(a, b) (((a) > (b)) - ((a) < (b)))
+#endif
+
 
 
 /**
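Review bot: The comment on NUMERIC_CMP should state two limits that callers can trip over. Each argument is evaluated twice, so `NUMERIC_CMP(i++, j)` misbehaves, and the operands go through the usual arithmetic conversions, so a signed/unsigned pair such as `NUMERIC_CMP(-1, 1u)` yields 1. For floats, a NaN operand gives 0, which makes it "equal" to everything and is worth a word next to the claim that the macro works on floats. I would add one line to the comment: `Arguments are evaluated twice and must have the same signedness; a NaN compares equal to anything.`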
diff --git a/lib/ldb/modules/sort.c b/lib/ldb/modules/sort.c
index cb6f8df440f..72c60fc894a 100644
--- a/lib/ldb/modules/sort.c
+++ b/lib/ldb/modules/sort.c
@@ -121,15 +121,28 @@ static int sort_compare(struct ldb_message **msg1, struct ldb_message **msg2, vo
 	el1 = ldb_msg_find_element(*msg1, ac->attributeName);
 	el2 = ldb_msg_find_element(*msg2, ac->attributeName);
 
-	if (!el1 && el2) {
+	/*
+	 * NULL and empty elements sort at the end (regardless of ac->reverse flag).
+	 * NULL elements come after empty ones.
+	 */
+	if (el1 == el2) {
+		return 0;
+	}
+	if (el1 == NULL) {
 		return 1;
 	}
-	if (el1 && !el2) {
+	if (el2 == NULL) {
 		return -1;
 	}
-	if (!el1 && !el2) {
+	if (unlikely(el1->num_values == 0 && el2->num_values == 0)) {
 		return 0;
 	}
+	if (unlikely(el1->num_values == 0)) {
+		return 1;
+	}
+	if (unlikely(el2->num_values == 0)) {
+		return -1;
+	}
 


-- 
Samba Shared Repository


