diff --git a/0001-ldb-Fix-index-out-of-bound-in-ldb_msg_find_common_va.patch b/0001-ldb-Fix-index-out-of-bound-in-ldb_msg_find_common_va.patch new file mode 100644 index 0000000..2035831 --- /dev/null +++ b/0001-ldb-Fix-index-out-of-bound-in-ldb_msg_find_common_va.patch @@ -0,0 +1,70 @@ +From a155daaa65c8727cc387360b0e9a91bf5d8ecf5d Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Tue, 4 Jul 2017 15:46:49 +0200 +Subject: [PATCH] ldb: Fix index out of bound in ldb_msg_find_common_values + +cmocka unit test failed on i386 +[==========] Running 2 test(s). +[ RUN ] test_ldb_msg_find_duplicate_val +[ OK ] test_ldb_msg_find_duplicate_val +[ RUN ] test_ldb_msg_find_common_values +[ FAILED ] test_ldb_msg_find_common_values +[==========] 2 test(s) run. +[ ERROR ] --- 0x14 != 0 +[ LINE ] --- ../tests/ldb_msg.c:266: error: Failure! +[ PASSED ] 1 test(s). +[ FAILED ] 1 test(s), listed below: +[ FAILED ] test_ldb_msg_find_common_values + 1 FAILED TEST(S) + +But we were just lucky on other platforms because there is +index out of bound according to valgrind error. + +==3298== Invalid read of size 4 +==3298== at 0x486FCF6: ldb_val_cmp (ldb_msg.c:95) +==3298== by 0x486FCF6: ldb_msg_find_common_values (ldb_msg.c:266) +==3298== by 0x109A3D: test_ldb_msg_find_common_values (ldb_msg.c:265) +==3298== by 0x48E7490: ??? (in /usr/lib/libcmocka.so.0.4.1) +==3298== by 0x48E7EB0: _cmocka_run_group_tests (in /usr/lib/libcmocka.so.0.4.1) +==3298== by 0x1089B7: main (ldb_msg.c:352) +==3298== Address 0x4b07734 is 4 bytes after a block of size 48 alloc'd +==3298== at 0x483223E: malloc (vg_replace_malloc.c:299) +==3298== by 0x4907AA7: _talloc_array (in /usr/lib/libtalloc.so.2.1.9) +==3298== by 0x486FBF8: ldb_msg_find_common_values (ldb_msg.c:245) +==3298== by 0x109A3D: test_ldb_msg_find_common_values (ldb_msg.c:265) +==3298== by 0x48E7490: ??? (in /usr/lib/libcmocka.so.0.4.1) +==3298== by 0x48E7EB0: _cmocka_run_group_tests (in /usr/lib/libcmocka.so.0.4.1) +==3298== by 0x1089B7: main (ldb_msg.c:352) +--- + lib/ldb/common/ldb_msg.c | 10 +--------- + 1 file changed, 1 insertion(+), 9 deletions(-) + +diff --git a/lib/ldb/common/ldb_msg.c b/lib/ldb/common/ldb_msg.c +index abad5a8320551c09e64539b993b8c5408ccdd32a..8e4047b41beebcadeab9631bc820941f0eadc490 100644 +--- a/lib/ldb/common/ldb_msg.c ++++ b/lib/ldb/common/ldb_msg.c +@@ -262,20 +262,12 @@ int ldb_msg_find_common_values(struct ldb_context *ldb, + n_values = el->num_values; + i = 0; + j = 0; +- while (i != n_values) { ++ while (i != n_values && j < el2->num_values) { + int ret = ldb_val_cmp(&values[i], &values2[j]); + if (ret < 0) { + i++; + } else if (ret > 0) { + j++; +- if (j == el2->num_values) { +- /* +- We have walked past the end of the second +- list, meaning the remainder of the first +- list cannot collide and we're done. +- */ +- break; +- } + } else { + /* we have a collision */ + if (! remove_duplicates) { +-- +2.13.0 + diff --git a/libldb.spec b/libldb.spec index b74ff77..3afc21e 100644 --- a/libldb.spec +++ b/libldb.spec @@ -50,6 +50,7 @@ BuildRequires: python3-tevent Patch0001: 0001-ldb-Use-libraries-from-build-dir-for-testsuite.patch Patch0101: 0001-Revert-waf-disable-python-align-talloc-s-wscript.patch Patch0102: 0002-Revert-talloc-use-the-system-pytalloc-util-for-pytho.patch +Patch0103: 0001-ldb-Fix-index-out-of-bound-in-ldb_msg_find_common_va.patch %description An extensible library that implements an LDAP like API to access remote LDAP @@ -138,6 +139,7 @@ Development files for the Python bindings for the LDB library %patch0001 -p3 %patch0101 -p1 %patch0102 -p1 +%patch0103 -p3 %build