[PATCH] fix ldbsearch crash with invalid distinguishedname

Andrej Gessel andrej.gessel at janztec.com
Fri Apr 6 16:25:58 UTC 2018


Hello,

If I run "ldbsearch '(distinguishedName=abc)'" I get the following output:

===============================================================
INTERNAL ERROR: Signal 11 in pid 5500 (4.8.0)
Please read the Trouble-Shooting section of the Samba HOWTO
===============================================================
smb_panic(): calling panic action [/bin/sleep 999999999]
^Csmb_panic(): action returned status 0
PANIC: internal error
[1]    5500 abort (core dumped)  ldbsearch distinguishedName=abc

Samba version 4.8.0 and master.

Attached are 2 Patches:

1) I tried to test it, but it doesn't really work. I think someone can 
write a better test for it than me.

2) Patch to fix this issue.


Andrej

-------------- next part --------------
From 1d3a6f4e9ceae0f26229db443e3b2cb8a7c21ba3 Mon Sep 17 00:00:00 2001
From: Andrej Gessel <Andrej.Gessel at janztec.com>
Date: Fri, 6 Apr 2018 18:14:45 +0200
Subject: [PATCH 1/2] [PATCH] Add testing for ldbsearch with invalid
 distinguishedName

ldbsearch 'distinguishedName=abc' causes SIGSEGV

Signed-off-by: Andrej Gessel <Andrej.Gessel at janztec.com>
---
 lib/ldb/tests/test-generic.sh | 1 +
 selftest/knownfail.d/ldb.base | 1 +
 2 files changed, 2 insertions(+)
 create mode 100644 selftest/knownfail.d/ldb.base

diff --git a/lib/ldb/tests/test-generic.sh b/lib/ldb/tests/test-generic.sh
index 8177da5..2f1ddc4 100755
--- a/lib/ldb/tests/test-generic.sh
+++ b/lib/ldb/tests/test-generic.sh
@@ -87,6 +87,7 @@ $VALGRIND ldbsearch '(&(uid=uham)(title=foo\blah))' uid && exit 1
 $VALGRIND ldbsearch '((' uid || exit 1
 $VALGRIND ldbsearch '(objectclass=)' uid || exit 1
 $VALGRIND ldbsearch -b 'cn=Hampster Ursula,ou=Alumni Association,ou=People,o=University of Michigan,c=TEST' -s base "" sn || exit 1
+$VALGRIND ldbsearch 'distinguishedName=abc' uid || exit 1
 
 echo "Test wildcard match"
 $VALGRIND ldbadd $LDBDIR/tests/test-wildcard.ldif  || exit 1
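
Review bot: the added `ldbsearch 'distinguishedName=abc' uid || exit 1` line requires a zero exit status, but patch 2/2 makes ltdb_index_dn_attr() return LDB_ERR_OPERATIONS_ERROR for this input; if that error reaches the exit status of ldbsearch, this line still fails after the fix, which may be why the test "doesn't really work". Decide which outcome is expected for an invalid DN value (an empty result or a reported error) and assert it explicitly, using `&& exit 1` as the `(title=foo\blah)` line in the hunk header does if an error is the expected result.
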
diff --git a/selftest/knownfail.d/ldb.base b/selftest/knownfail.d/ldb.base
new file mode 100644
index 0000000..6018160
--- /dev/null
+++ b/selftest/knownfail.d/ldb.base
@@ -0,0 +1 @@
+^ldb.base
\ No newline at end of file
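
Review bot: `^ldb.base` marks the entire ldb.base suite as a known failure, so between this commit and 2/2 any other regression in that suite is hidden. Adding the test in the same commit as the fix (or after it) avoids the need for this file. The new file also has no trailing newline.
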
-- 
2.7.4

-------------- next part --------------
From 804491723506377b42419c645d7f9d8314ce6dfe Mon Sep 17 00:00:00 2001
From: Andrej Gessel <Andrej.Gessel at janztec.com>
Date: Fri, 6 Apr 2018 18:18:33 +0200
Subject: [PATCH 2/2] [PATCH] Add NULL check for ldb_dn_get_casefold() in
 ltdb_index_dn_attr()

Signed-off-by: Andrej Gessel <Andrej.Gessel at janztec.com>
---
 lib/ldb/ldb_tdb/ldb_index.c   | 9 +++++++++
 selftest/knownfail.d/ldb.base | 1 -
 2 files changed, 9 insertions(+), 1 deletion(-)
 delete mode 100644 selftest/knownfail.d/ldb.base

diff --git a/lib/ldb/ldb_tdb/ldb_index.c b/lib/ldb/ldb_tdb/ldb_index.c
index 59434f3..9697b8c 100644
--- a/lib/ldb/ldb_tdb/ldb_index.c
+++ b/lib/ldb/ldb_tdb/ldb_index.c
@@ -1582,6 +1582,15 @@ static int ltdb_index_dn_attr(struct ldb_module *module,
 
 	/* work out the index key from the parent DN */
 	val.data = (uint8_t *)((uintptr_t)ldb_dn_get_casefold(dn));
+	if (val.data == NULL) {
+		const char *dn_str = ldb_dn_get_linearized(dn);
+		ldb_asprintf_errstring(ldb_module_get_ctx(module),
+				       __location__
+				       ": Failed to get casefold DN"
+				       "from: %s",
+				       dn_str);
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
 	val.length = strlen((char *)val.data);
 	key = ltdb_index_key(ldb, ltdb, attr, &val, NULL, truncation);
 	if (!key) {
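
Review bot: the adjacent string literals `": Failed to get casefold DN"` and `"from: %s"` concatenate without a space, so the error string reads "casefold DNfrom: ..."; add a trailing space to the first literal. dn_str is also passed to %s unchecked, and since this branch is reached because the DN could not be casefolded, the result of ldb_dn_get_linearized(dn) should be tested for NULL before it is formatted. The commit message has no body; a sentence on why ldb_dn_get_casefold() can return NULL here, with the crashing command from the report, would help.
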
diff --git a/selftest/knownfail.d/ldb.base b/selftest/knownfail.d/ldb.base
deleted file mode 100644
index 6018160..0000000
--- a/selftest/knownfail.d/ldb.base
+++ /dev/null
@@ -1 +0,0 @@
-^ldb.base
\ No newline at end of file
-- 
2.7.4
