Ubuntu
openldap package

Merge ~ahasenack/ubuntu/+source/openldap:xenial-slapd-sasl-segfault-1688575 into ubuntu/+source/openldap:ubuntu/xenial-devel

  1. Git
  2. lp:~ahasenack/ubuntu/+source/openldap
  3. xenial-slapd-sasl-segfault-1688575
  4. Merge into ubuntu/xenial-devel
Proposed by Andreas Hasenack
Status: Merged
Merged at revision: 499a8d56fdb3274996cdcac05d116db176aa6865
Proposed branch: ~ahasenack/ubuntu/+source/openldap:xenial-slapd-sasl-segfault-1688575
Merge into: ubuntu/+source/openldap:ubuntu/xenial-devel
Diff against target: 147 lines (+119/-0)
4 files modified
debian/changelog (+10/-0)
debian/patches/ITS-8648-check-result-of-ldap_int_initialize-in-ldap.patch (+31/-0)
debian/patches/ITS-8648-init-SASL-library-in-global-init.patch (+76/-0)
debian/patches/series (+2/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Canonical Server Pending
Review via email: mp+345944@code.launchpad.net

Commit message

  * Import upstream patches to fix memory corruption caused by calling
    sasl_client_init() multiple times and possibly concurrently.
    (ITS#8648) (LP: #1688575)

 -- Ryan Tandy <email address hidden> Mon, 14 May 2018 23:03:54 -0700

Description of the change

For a test case, please see the linked bug and its SRU template.

Here is a PPA with fixed packages: https://launchpad.net/~ahasenack/+archive/ubuntu/slapd-sasl-segfault-1688575

sudo add-apt-repository ppa:ahasenack/slapd-sasl-segfault-1688575

If this is approved, I can dput the package, but I'll need the upload tag to be pushed for me.

To post a comment you must log in.
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Changelog: ok
Test and verification: ok
ppa fixing the bug: ok
ppa build has no other obvious issues: ok
Review changes: notes, see below

Note: I added the needed dependencies to the SRU template of your bug

I'd ask you to add a bit more to the dep3 headers, in particular a Origin with an URL.
I know your git exports files hold the sha, and if one knows the openldap repo he might find it.
But a real URL that gets you to the change would really be preferred.

Further we usually do a back-ref of the "Ubuntu-Bug: ..." from the .patch files to the bug number right? That would help to later maintain this more easily as well.

Finally the changelog doesn't refer to the .patch files. This last statement might be personal-style and not required - up to you.

review: Needs Fixing
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Note: I know this comes from a 3rd party provided debdiff, but we could/should clean up on the upload IMHO.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Thanks for the comments. Yeah, I always hesitate a bit with adding the ubuntu "touches" when a patch comes fully done like that from someone like that, but better clarity is good.

Changes pushed, please take another look.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Thanks for the Cleanup, LGTM now +1

review: Approve
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

upload/2.4.42+dfsg-2ubuntu3.3 on 499a8d56fdb3274996cdcac05d116db176aa6865 pushed if you want to upload.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Thanks, uploaded.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index b7a7257..3feead7 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,13 @@
6+openldap (2.4.42+dfsg-2ubuntu3.3) xenial; urgency=medium
7+
8+ [ Ryan Tandy ]
9+ * d/p/ITS-8648-check-result-of-ldap_int_initialize-in-ldap.patch,
10+ d/p/ITS-8648-init-SASL-library-in-global-init.patch: Import upstream
11+ patches to fix memory corruption caused by calling sasl_client_init()
12+ multiple times and possibly concurrently. (ITS#8648) (LP: #1688575)
13+
14+ -- Andreas Hasenack <andreas@canonical.com> Tue, 22 May 2018 10:54:12 -0300
15+
16 openldap (2.4.42+dfsg-2ubuntu3.2) xenial-security; urgency=medium
17
18 * SECURITY UPDATE: denial of service via search with page size of 0
19diff --git a/debian/patches/ITS-8648-check-result-of-ldap_int_initialize-in-ldap.patch b/debian/patches/ITS-8648-check-result-of-ldap_int_initialize-in-ldap.patch
20new file mode 100644
21index 0000000..8829a6a
22--- /dev/null
23+++ b/debian/patches/ITS-8648-check-result-of-ldap_int_initialize-in-ldap.patch
24@@ -0,0 +1,31 @@
25+Description: check result of ldap_int_initialize in ldap_{get,set}_option
26+Author: Ryan Tandy <ryan@nardis.ca>
27+Origin: Upstream, http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=e437b12277c1cc8ec72e0f78f660137c60ffaad7
28+Bug: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8648;selectid=8648
29+Bug-Ubuntu: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8648;selectid=8648
30+Last-Update: 2018-05-22
31+
32+---
33+ libraries/libldap/options.c | 4 ++++
34+ 1 file changed, 4 insertions(+)
35+
36+--- a/libraries/libldap/options.c
37++++ b/libraries/libldap/options.c
38+@@ -106,6 +106,8 @@
39+
40+ if( lo->ldo_valid != LDAP_INITIALIZED ) {
41+ ldap_int_initialize(lo, NULL);
42++ if ( lo->ldo_valid != LDAP_INITIALIZED )
43++ return LDAP_LOCAL_ERROR;
44+ }
45+
46+ if(ld != NULL) {
47+@@ -446,6 +448,8 @@
48+
49+ if( lo->ldo_valid != LDAP_INITIALIZED ) {
50+ ldap_int_initialize(lo, dbglvl);
51++ if ( lo->ldo_valid != LDAP_INITIALIZED )
52++ return LDAP_LOCAL_ERROR;
53+ }
54+
55+ if(ld != NULL) {
56diff --git a/debian/patches/ITS-8648-init-SASL-library-in-global-init.patch b/debian/patches/ITS-8648-init-SASL-library-in-global-init.patch
57new file mode 100644
58index 0000000..dd54ecc
59--- /dev/null
60+++ b/debian/patches/ITS-8648-init-SASL-library-in-global-init.patch
61@@ -0,0 +1,76 @@
62+Description: init SASL library in global init
63+Author: Ryan Tandy <ryan@nardis.ca>
64+Origin: Upstream, http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=431c4af526b18abb4a18c2c4c8655690b753cbe5
65+Bug: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8648;selectid=8648
66+Bug-Ubuntu: https://launchpad.net/bugs/1688575
67+Last-Update: 2018-05-22
68+
69+---
70+ libraries/libldap/cyrus.c | 17 +++--------------
71+ libraries/libldap/init.c | 6 ++++++
72+ 2 files changed, 9 insertions(+), 14 deletions(-)
73+
74+--- a/libraries/libldap/cyrus.c
75++++ b/libraries/libldap/cyrus.c
76+@@ -69,14 +69,11 @@
77+ { SASL_CB_LIST_END, NULL, NULL }
78+ };
79+
80++/*
81++ * ldap_int_initialize is responsible for calling this only once.
82++ */
83+ int ldap_int_sasl_init( void )
84+ {
85+- /* XXX not threadsafe */
86+- static int sasl_initialized = 0;
87+-
88+- if ( sasl_initialized ) {
89+- return 0;
90+- }
91+
92+ /* SASL 2 takes care of its own memory completely internally */
93+ #if SASL_VERSION_MAJOR < 2 && !defined(CSRIMALLOC)
94+@@ -96,7 +93,6 @@
95+ #endif
96+
97+ if ( sasl_client_init( NULL ) == SASL_OK ) {
98+- sasl_initialized = 1;
99+ return 0;
100+ }
101+
102+@@ -307,11 +303,6 @@
103+ return ld->ld_errno;
104+ }
105+
106+- if ( ldap_int_sasl_init() ) {
107+- ld->ld_errno = LDAP_LOCAL_ERROR;
108+- return ld->ld_errno;
109+- }
110+-
111+ #if SASL_VERSION_MAJOR >= 2
112+ rc = sasl_client_new( "ldap", host, NULL, NULL,
113+ client_callbacks, 0, &ctx );
114+@@ -891,8 +882,6 @@
115+ ldap_int_sasl_get_option( LDAP *ld, int option, void *arg )
116+ {
117+ if ( option == LDAP_OPT_X_SASL_MECHLIST ) {
118+- if ( ldap_int_sasl_init() )
119+- return -1;
120+ *(char ***)arg = (char **)sasl_global_listmech();
121+ return 0;
122+ }
123+--- a/libraries/libldap/init.c
124++++ b/libraries/libldap/init.c
125+@@ -658,6 +658,12 @@
126+ if ( ldap_int_tblsize == 0 ) ldap_int_ip_init();
127+ #endif
128+
129++#ifdef HAVE_CYRUS_SASL
130++ if ( ldap_int_sasl_init() != 0 ) {
131++ return;
132++ }
133++#endif
134++
135+ ldap_int_initialize_global_options(gopts, dbglvl);
136+
137+ if( getenv("LDAPNOINIT") != NULL ) {
138diff --git a/debian/patches/series b/debian/patches/series
139index 5c8c549..5ef63f3 100644
140--- a/debian/patches/series
141+++ b/debian/patches/series
142@@ -29,3 +29,5 @@ ITS8240-remove-obsolete-assert.patch
143 fix-ldap-distribution.patch
144 ITS8385-fix-use-after-free-with-GnuTLS
145 CVE-2017-9287.patch
146+ITS-8648-check-result-of-ldap_int_initialize-in-ldap.patch
147+ITS-8648-init-SASL-library-in-global-init.patch

Subscribers

People subscribed via source and target branches