[PATCH] Revert SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL (bug 10493)

Stefan Metzmacher metze at samba.org
Mon Aug 17 08:30:59 UTC 2015


Am 17.08.2015 um 06:41 schrieb Andrew Bartlett:
> Sadly there is a segfault (DoS) bug in our new
> LDAP_MATCH_RULE_TRANSITIVE_EVAL support added back in March this year. 
> 
> https://bugzilla.samba.org/show_bug.cgi?id=10493
> 
> I've not had a chance to look into the details, but given that 4.3 RC3
> is due tomorrow, I don't want to take any chances and here is the patch
> to remove it again.
> 
> I've asked Adrian to look into this issue next, but this won't happen
> fast enough for 4.3 I fear.  
> 
> We have two options for master:
>  - keep the broken code and hope we get a patch soon
>  - apply the attached revert.
> 
> For 4.3, unless we get a patch and fix before 4.3rc3, I see no option
> other than to revert (possibly with cherry-pick markers).  
> 
> See attached.  Please discuss and review if appropriate. 

I'll push this to master and include it in 4.3.0rc3.

metze

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150817/f49efdd9/signature.sig>


More information about the samba-technical mailing list