This is an automated email from the git hooks/post-receive script.
mreynolds pushed a change to branch 389-ds-base-1.3.6 in repository 389-ds-base.
from c81a5af Ticket 49436 - double free in COS in some conditions new d63858c Ticket 49441 - Import crashes with large indexed binary attributes
The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference.
Summary of changes: ldap/servers/slapd/back-ldbm/index.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-)
This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch 389-ds-base-1.3.6 in repository 389-ds-base.
commit d63858c52e4013af074aaa07f79b3fd6f8d1de87 Author: Mark Reynolds mreynolds@redhat.com Date: Mon Nov 6 22:30:55 2017 -0500
Ticket 49441 - Import crashes with large indexed binary attributes
Bug Description: Importing an ldif file that contains entries with large binary attributes that are indexed crashes the server. The crash occurs when "encoding" the binary value to a string for debug logging, where we "underflow" the buffer space index which then allows the string buffer to overflow.
Fix Description: While filling the string buffer with the encoded binary value we need to make sure if the buffer space is greater than zero before decrementing it.
Also check if trace logging is being used before we actually call the logging function which calls the "encoded" function first. This way we avoid this costly "encoding" on every index call we make.
https://pagure.io/389-ds-base/issue/49441
Reviewed by: firstyear(Thanks!) --- ldap/servers/slapd/back-ldbm/index.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/ldap/servers/slapd/back-ldbm/index.c b/ldap/servers/slapd/back-ldbm/index.c index a3dac66..ac60707 100644 --- a/ldap/servers/slapd/back-ldbm/index.c +++ b/ldap/servers/slapd/back-ldbm/index.c @@ -808,7 +808,10 @@ encode (const struct berval* data, char buf[BUFSIZ]) bufSpace -= (s - first); } do { - *bufNext++ = '\'; --bufSpace; + if (bufSpace) { + *bufNext++ = '\'; + --bufSpace; + } if (bufSpace < 2) { memcpy (bufNext, "..", 2); bufNext += 2; @@ -903,8 +906,10 @@ index_read_ext_allids( slapi_log_err(SLAPI_LOG_ERR, "index_read_ext_allids", "NULL prefix\n"); return NULL; } - slapi_log_err(SLAPI_LOG_TRACE, "index_read_ext_allids", "=> ( "%s" %s "%s" )\n", - type, prefix, encode (val, buf)); + if (slapi_is_loglevel_set(LDAP_DEBUG_TRACE)) { + slapi_log_err(SLAPI_LOG_TRACE, "index_read_ext_allids", "=> ( "%s" %s "%s" )\n", + type, prefix, encode (val, buf)); + }
basetype = typebuf; if ( (basetmp = slapi_attr_basetype( type, typebuf, sizeof(typebuf) )) @@ -1737,16 +1742,13 @@ addordel_values( */ key.flags = DB_DBT_USERMEM; key.ulen = tmpbuflen; -#ifdef LDAP_ERROR_LOGGING - /* XXX if ( slapd_ldap_debug & LDAP_DEBUG_TRACE ) XXX */ - { + if (slapi_is_loglevel_set(LDAP_DEBUG_TRACE)) { char encbuf[BUFSIZ];
slapi_log_err(SLAPI_LOG_TRACE, "addordel_values", "%s_value("%s")\n", (flags & BE_INDEX_ADD) ? "add" : "del", encoded (&key, encbuf)); } -#endif
if (NULL != txn) { db_txn = txn->back_txn_txn; @@ -1907,16 +1909,13 @@ addordel_values_sv( */ key.flags = DB_DBT_USERMEM; key.ulen = tmpbuflen; -#ifdef LDAP_ERROR_LOGGING - /* XXX if ( slapd_ldap_debug & LDAP_DEBUG_TRACE ) XXX */ - { + if (slapi_is_loglevel_set(LDAP_DEBUG_TRACE)) { char encbuf[BUFSIZ];
slapi_log_err(SLAPI_LOG_TRACE, "addordel_values_sv", "%s_value("%s")\n", (flags & BE_INDEX_ADD) ? "add" : "del", encoded (&key, encbuf)); } -#endif
if (NULL != txn) { db_txn = txn->back_txn_txn;
389-commits@lists.fedoraproject.org
-
git repository hosting