ldb bug fixes
Adrian Cochrane
adrianc at catalyst.net.nz
Mon Nov 23 01:35:38 UTC 2015
It turns out that wouldn't be an easier fix because
/lib/talloc/talloc_guide.txt specifically states:
> talloc_realloc(context, ptr, type, 0) ==> talloc_free(ptr);
However I did take your advice and incorporated it into this updated
patch.
On Thu, Nov 19, 2015 at 8:25 PM, Volker Lendecke
<Volker.Lendecke at SerNet.DE> wrote:
> On Thu, Nov 19, 2015 at 04:18:16PM +1300, Adrian Cochrane wrote:
>> I caught and fixed a bug in LDB. This bug corrupted LDB database
>> searches when that database contained an empty DN record.
>>
>> I've attached my fix, please review.
>
>> From 34cf7347a9d35254f70bc7455c4ac2a591573652 Mon Sep 17 00:00:00
>> 2001
>> From: Adrian Cochrane <adrianc at catalyst.net.nz>
>> Date: Wed, 18 Nov 2015 15:25:20 +1300
>> Subject: [PATCH] ldb: Fix bug triggered by having an empty message
>> in database
>> during search.
>>
>> Previously if the message had 0 elements, Talloc would reallocate
>> the projected
>> array to NULL, fooling LDB into thinking that it failed to
>> reallocate. This fix
>
> Does talloc_array(ptr, size, 0) really return NULL? I think
> it should not.
>
>> corrects LDB to be able to handle the case where the message has no
>> attributes
>> in common with the filter.
>>
>> Also the realloc call resized the array to the number of elements
>> in the message,
>> not the number of elements in common with the filter -- it
>> essentially did nothing.
>>
>> Signed-off-by: Adrian Cochrane <adrianc at catalyst.net.nz>
>> ---
>> lib/ldb/ldb_tdb/ldb_search.c | 14 +++++++++++---
>> lib/ldb/tests/python/api.py | 29 +++++++++++++++++++++++++----
>> 2 files changed, 36 insertions(+), 7 deletions(-)
>>
>> diff --git a/lib/ldb/ldb_tdb/ldb_search.c
>> b/lib/ldb/ldb_tdb/ldb_search.c
>> index 1e7e7ea..7055af1 100644
>> --- a/lib/ldb/ldb_tdb/ldb_search.c
>> +++ b/lib/ldb/ldb_tdb/ldb_search.c
>> @@ -407,10 +407,18 @@ int ltdb_filter_attrs(struct ldb_message
>> *msg, const char * const *attrs)
>> }
>>
>> talloc_free(msg->elements);
>> - msg->elements = talloc_realloc(msg, el2, struct
>> ldb_message_element, msg->num_elements);
>> - if (msg->elements == NULL) {
>> - return -1;
>> +
>> + if (num_elements == 0) {
>> + msg->elements = NULL;
>> + talloc_free(el2);
>
> Do you really want to set msg->elements to NULL? This is in
> line with num_elements==0, but a non-NULL pointer might be
> safer. On the other hand, a NULL pointer will point out bugs
> quicker.
>
>> + } else if (num_elements > 0) {
>
> num_elements is unsigned, isn't this if clause redundant?
>
>> + msg->elements = talloc_realloc(msg, el2, struct
>> ldb_message_element,
>> + num_elements);
>> + if (msg->elements == NULL) {
>> + return -1;
>> + }
>> }
>> +
>
> A simpler patch might be a one-liner to just realloc to
> num_elements instead of msg->num_elements.
>
>> msg->num_elements = num_elements;
>
> ... or move this line up a bit :-)
>
> Volker
>
> --
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9
> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
> http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-ldb-Fix-bug-triggered-by-having-an-empty-message-in-.patch
Type: text/x-patch
Size: 4045 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20151123/57e77b87/0001-ldb-Fix-bug-triggered-by-having-an-empty-message-in-.bin>
More information about the samba-technical
mailing list