From 7d38a883dae528a0216733b4d831f2f20aa9c04b Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 9 Jun 2015 12:42:10 -0700
Subject: [PATCH 1/9] CVE-2015-3223: lib: ldb: Cope with canonicalise_fn
 returning string "", length 0.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11325
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
---
 lib/ldb/common/ldb_match.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/lib/ldb/common/ldb_match.c b/lib/ldb/common/ldb_match.c
index a493dae..7414289 100644
--- a/lib/ldb/common/ldb_match.c
+++ b/lib/ldb/common/ldb_match.c
@@ -271,6 +271,14 @@ static int ldb_wildcard_compare(struct ldb_context *ldb,
 		if (cnk.length > val.length) {
 			goto mismatch;
 		}
+		/*
+		 * Empty strings are returned as length 0. Ensure
+		 * we can cope with this.
+		 */
+		if (cnk.length == 0) {
+			goto mismatch;
+		}
+
 		if (memcmp((char *)val.data, (char *)cnk.data, cnk.length) != 0) goto mismatch;
 		val.length -= cnk.length;
 		val.data += cnk.length;
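Review bot: The new comment above `if (cnk.length == 0)` states that empty chunks come back with length 0 but not why such a chunk must be rejected, so a later reader could reasonably assume an empty substring ought to match trivially and remove the guard. The reason is visible in the following lines: with a zero length the `memcmp` is a no-op and `val.length`/`val.data` are not advanced, so the prefix test would "succeed" without consuming any input; suggest adding `* A zero-length chunk would make the memcmp below a no-op and let the match succeed without consuming input, so treat it as a mismatch.` to the comment. The same comment text is added verbatim in the second hunk of this file and would benefit from the same wording. ldb_wildcard_compare begins and ends outside this hunk.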
@@ -284,7 +292,13 @@ static int ldb_wildcard_compare(struct ldb_context *ldb,
 		chunk = tree->u.substring.chunks[c];
 		if(a->syntax->canonicalise_fn(ldb, ldb, chunk, &cnk) != 0) goto mismatch;
 
-		/* FIXME: case of embedded nulls */
+		/*
+		 * Empty strings are returned as length 0. Ensure
+		 * we can cope with this.
+		 */
+		if (cnk.length == 0) {
+			goto mismatch;
+		}
 		p = strstr((char *)val.data, (char *)cnk.data);
 		if (p == NULL) goto mismatch;
 		if ( (! tree->u.substring.chunks[c + 1]) && (! tree->u.substring.end_with_wildcard) ) {
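Review bot: The removed line `/* FIXME: case of embedded nulls */` was the only marker that the `strstr` call on the next line stops at the first NUL byte in either `val.data` or `cnk.data`, and the new zero-length guard does not address that limitation, so the patch drops the reminder without resolving it; suggest keeping the FIXME alongside the new comment rather than replacing it. Because `strstr` ignores `val.length` and `cnk.length` entirely, this search also depends on both buffers being NUL-terminated, which cannot be confirmed from the hunk and would be worth stating in the comment (e.g. `/* strstr relies on val.data and cnk.data being NUL-terminated; embedded NULs are still not handled (FIXME). */`). ldb_wildcard_compare begins and ends outside this hunk.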
-- 
2.5.0