Ubuntu
openldap package

Merge ~lucaskanashiro/ubuntu/+source/openldap:ubuntu/bionic/fix-slapd-seg-fault-1838370 into ubuntu/+source/openldap:ubuntu/bionic-devel

  1. Git
  2. lp:~lucaskanashiro/ubuntu/+source/openldap
  3. ubuntu/bionic/fix-slapd-seg-fault-1838370
  4. Merge into ubuntu/bionic-devel
Proposed by Lucas Kanashiro
Status: Merged
Approved by: Christian Ehrhardt 
Approved revision: 9f80d7055dcf38e47e01817f95e7563489ca488a
Merged at revision: 9f80d7055dcf38e47e01817f95e7563489ca488a
Proposed branch: ~lucaskanashiro/ubuntu/+source/openldap:ubuntu/bionic/fix-slapd-seg-fault-1838370
Merge into: ubuntu/+source/openldap:ubuntu/bionic-devel
Diff against target: 70 lines (+48/-0)
3 files modified
debian/changelog (+6/-0)
debian/patches/rwm-do-not-free-original-filter.patch (+41/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Canonical Server Pending
Canonical Server packageset reviewers Pending
Review via email: mp+371148@code.launchpad.net

Description of the change

The upstream patch to fix slapd crash reported in [1] was applied. It fixes the rwm overlay module which was freeing some memory when it was still needed, causing segmentation faults. More info about it in d/p/rwm-do-not-free-original-filter.patch and in the bug report itself [1], including how to test it. There is also a PPA for testing purpose available [2].

[1] https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1838370
[2] https://launchpad.net/~lucaskanashiro/+archive/ubuntu/bionic-openldap-slapd-segfault-1838370/

To post a comment you must log in.
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Discussed in the disco MP [1] +1 under the condition that the test steps will be refined to work reliable (they didn't for me)

[1]: https://code.launchpad.net/~lucaskanashiro/ubuntu/+source/openldap/+git/openldap/+merge/371147

review: Approve
Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

Everything is fine as you can see in the other MP [1]. Thanks for the approval, please upload it.

[1]: https://code.launchpad.net/~lucaskanashiro/ubuntu/+source/openldap/+git/openldap/+merge/371147

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

tagged and sponsored to -unapproved

There was an error fetching revisions from git servers. Please try again in a few minutes. If the problem persists, contact Launchpad support.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 79e3456..2a6bf4c 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,9 @@
6+openldap (2.4.45+dfsg-1ubuntu1.4) bionic; urgency=medium
7+
8+ * d/p/rwm-do-not-free-original-filter.patch: Fix slapd segfault (LP: #1838370)
9+
10+ -- Lucas Kanashiro <lucas.kanashiro@canonical.com> Thu, 08 Aug 2019 15:08:36 -0300
11+
12 openldap (2.4.45+dfsg-1ubuntu1.3) bionic-security; urgency=medium
13
14 * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
15diff --git a/debian/patches/rwm-do-not-free-original-filter.patch b/debian/patches/rwm-do-not-free-original-filter.patch
16new file mode 100644
17index 0000000..ea02ec3
18--- /dev/null
19+++ b/debian/patches/rwm-do-not-free-original-filter.patch
20@@ -0,0 +1,41 @@
21+From d40b357f5da9a94d2f4f541c21bde02610d9cd3b Mon Sep 17 00:00:00 2001
22+From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
23+Date: Mon, 17 Jun 2019 12:49:25 +0200
24+Subject: [PATCH] ITS#8964 Do not free original filter
25+
26+---
27+ servers/slapd/overlays/rwm.c | 12 ++++++++----
28+ 1 file changed, 8 insertions(+), 4 deletions(-)
29+
30+Origin: upstream, http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=d40b357f5da9a94d2f4f541c21bde02610d9cd3b
31+Bug: https://openldap.org/its/?findid=8964
32+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1838370
33+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934277
34+
35+diff --git a/servers/slapd/overlays/rwm.c b/servers/slapd/overlays/rwm.c
36+index 0f1b00d793..d863a23910 100644
37+--- a/servers/slapd/overlays/rwm.c
38++++ b/servers/slapd/overlays/rwm.c
39+@@ -125,11 +125,15 @@ rwm_op_rollback( Operation *op, SlapReply *rs, rwm_op_state *ros )
40+ break;
41+ case LDAP_REQ_SEARCH:
42+ op->o_tmpfree( ros->mapped_attrs, op->o_tmpmemctx );
43+- filter_free_x( op, op->ors_filter, 1 );
44+- op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
45+ op->ors_attrs = ros->ors_attrs;
46+- op->ors_filter = ros->ors_filter;
47+- op->ors_filterstr = ros->ors_filterstr;
48++ if ( op->ors_filter != ros->ors_filter ) {
49++ filter_free_x( op, op->ors_filter, 1 );
50++ op->ors_filter = ros->ors_filter;
51++ }
52++ if ( op->ors_filterstr.bv_val != ros->ors_filterstr.bv_val ) {
53++ op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
54++ op->ors_filterstr = ros->ors_filterstr;
55++ }
56+ break;
57+ case LDAP_REQ_EXTENDED:
58+ if ( op->ore_reqdata != ros->ore_reqdata ) {
59+--
60+2.20.1
61+
62diff --git a/debian/patches/series b/debian/patches/series
63index 45024f7..30b7d63 100644
64--- a/debian/patches/series
65+++ b/debian/patches/series
66@@ -32,3 +32,4 @@ CVE-2019-13057-2.patch
67 CVE-2019-13057-3.patch
68 CVE-2019-13057-4.patch
69 CVE-2019-13565.patch
70+rwm-do-not-free-original-filter.patch

Subscribers

People subscribed via source and target branches