This is an automated email from the git hooks/post-receive script. mreynolds pushed a commit to branch 389-ds-base-1.3.6 in repository 389-ds-base. commit d63858c52e4013af074aaa07f79b3fd6f8d1de87 Author: Mark Reynolds <mreynolds(a)redhat.com&gt; Date: Mon Nov 6 22:30:55 2017 -0500 Ticket 49441 - Import crashes with large indexed binary attributes Bug Description: Importing an ldif file that contains entries with large binary attributes that are indexed crashes the server. The crash occurs when "encoding" the binary value to a string for debug logging, where we "underflow" the buffer space index which then allows the string buffer to overflow. Fix Description: While filling the string buffer with the encoded binary value we need to make sure if the buffer space is greater than zero before decrementing it. Also check if trace logging is being used before we actually call the logging function which calls the "encoded" function first. This way we avoid this costly "encoding" on every index call we make. https://pagure.io/389-ds-base/issue/49441 Reviewed by: firstyear(Thanks!) --- ldap/servers/slapd/back-ldbm/index.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/ldap/servers/slapd/back-ldbm/index.c b/ldap/servers/slapd/back-ldbm/index.c index a3dac66..ac60707 100644 --- a/ldap/servers/slapd/back-ldbm/index.c +++ b/ldap/servers/slapd/back-ldbm/index.c @@ -808,7 +808,10 @@ encode (const struct berval* data, char buf[BUFSIZ]) bufSpace -= (s - first); } do { - *bufNext++ = '\\'; --bufSpace; + if (bufSpace) { + *bufNext++ = '\\'; + --bufSpace; + } if (bufSpace < 2) { memcpy (bufNext, "..", 2); bufNext += 2; @@ -903,8 +906,10 @@ index_read_ext_allids( slapi_log_err(SLAPI_LOG_ERR, "index_read_ext_allids", "NULL prefix\n"); return NULL; } - slapi_log_err(SLAPI_LOG_TRACE, "index_read_ext_allids", "=> ( \"%s\" %s \"%s\" )\n", - type, prefix, encode (val, buf)); + if (slapi_is_loglevel_set(LDAP_DEBUG_TRACE)) { + slapi_log_err(SLAPI_LOG_TRACE, "index_read_ext_allids", "=> ( \"%s\" %s \"%s\" )\n", + type, prefix, encode (val, buf)); + } basetype = typebuf; if ( (basetmp = slapi_attr_basetype( type, typebuf, sizeof(typebuf) )) @@ -1737,16 +1742,13 @@ addordel_values( */ key.flags = DB_DBT_USERMEM; key.ulen = tmpbuflen; -#ifdef LDAP_ERROR_LOGGING - /* XXX if ( slapd_ldap_debug & LDAP_DEBUG_TRACE ) XXX */ - { + if (slapi_is_loglevel_set(LDAP_DEBUG_TRACE)) { char encbuf[BUFSIZ]; slapi_log_err(SLAPI_LOG_TRACE, "addordel_values", "%s_value(\"%s\")\n", (flags & BE_INDEX_ADD) ? "add" : "del", encoded (&key, encbuf)); } -#endif if (NULL != txn) { db_txn = txn->back_txn_txn; @@ -1907,16 +1909,13 @@ addordel_values_sv( */ key.flags = DB_DBT_USERMEM; key.ulen = tmpbuflen; -#ifdef LDAP_ERROR_LOGGING - /* XXX if ( slapd_ldap_debug & LDAP_DEBUG_TRACE ) XXX */ - { + if (slapi_is_loglevel_set(LDAP_DEBUG_TRACE)) { char encbuf[BUFSIZ]; slapi_log_err(SLAPI_LOG_TRACE, "addordel_values_sv", "%s_value(\"%s\")\n", (flags & BE_INDEX_ADD) ? "add" : "del", encoded (&key, encbuf)); } -#endif if (NULL != txn) { db_txn = txn->back_txn_txn; -- To stop receiving notification emails like this one, please contact the administrator of this repository.