Merge lp:~s-roel/ubuntu/precise/openldap/bug-1216650 into lp:ubuntu/precise-proposed/openldap

Proposed by Roel Standaert
Status: Work in progress
Proposed branch: lp:~s-roel/ubuntu/precise/openldap/bug-1216650
Merge into: lp:ubuntu/precise-proposed/openldap
Diff against target: 113 lines (+93/-0)
3 files modified
debian/changelog (+10/-0)
debian/patches/its-7174-lutil_str2bin-cant-modify-input-strings.patch (+82/-0)
debian/patches/series (+1/-0)
To merge this branch: bzr merge lp:~s-roel/ubuntu/precise/openldap/bug-1216650
Reviewer Review Type Date Requested Status
Ubuntu Development Team Pending
Review via email: mp+183312@code.launchpad.net

Description of the change

This branch contains the upstream fix for bug #1216650.

To post a comment you must log in.
Revision history for this message
Robie Basak (racb) wrote :

Uploaded, pending SRU team approval.

Unmerged revisions

54. By Roel Standaert

* Backport fix for back-mdb, fixes crash when deleting an entry
  that contains an indexed numeric attribute (LP: #1216650):
  - d/patches/its-7174-lutil_str2bin-cant-modify-input-strings.patch:
    Upstream patch to make sure that lutil_str2bin does not
    attempt to modify its input.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/changelog'
2--- debian/changelog 2013-06-04 09:00:09 +0000
3+++ debian/changelog 2013-08-31 07:06:39 +0000
4@@ -1,3 +1,13 @@
5+openldap (2.4.28-1.1ubuntu4.4) precise-proposed; urgency=low
6+
7+ * Backport fix for back-mdb, fixes crash when deleting an entry
8+ that contains an indexed numeric attribute (LP: #1216650):
9+ - d/patches/its-7174-lutil_str2bin-cant-modify-input-strings.patch:
10+ Upstream patch to make sure that lutil_str2bin does not
11+ attempt to modify its input.
12+
13+ -- Roel Standaert <roel@standaert.info> Sat, 31 Aug 2013 08:29:45 +0200
14+
15 openldap (2.4.28-1.1ubuntu4.3) precise-proposed; urgency=low
16
17 * Avoid deadlocks in back-bdb that truncate slapcat output (LP: #1185908):
18
19=== added file 'debian/patches/its-7174-lutil_str2bin-cant-modify-input-strings.patch'
20--- debian/patches/its-7174-lutil_str2bin-cant-modify-input-strings.patch 1970-01-01 00:00:00 +0000
21+++ debian/patches/its-7174-lutil_str2bin-cant-modify-input-strings.patch 2013-08-31 07:06:39 +0000
22@@ -0,0 +1,82 @@
23+--- a/libraries/liblutil/utils.c 2012-01-23 10:01:13 +0000
24++++ b/libraries/liblutil/utils.c 2013-08-30 13:42:29 +0000
25+@@ -714,8 +714,6 @@
26+ * Output buffer must be provided, bv_len must indicate buffer size
27+ * Hex input can be "0x1234" or "'1234'H"
28+ *
29+- * Temporarily modifies the input string.
30+- *
31+ * Note: High bit of binary form is always the sign bit. If the number
32+ * is supposed to be positive but has the high bit set, a zero byte
33+ * is prepended. It is assumed that this has already been handled on
34+@@ -724,7 +722,7 @@
35+ int
36+ lutil_str2bin( struct berval *in, struct berval *out, void *ctx )
37+ {
38+- char *pin, *pout, ctmp;
39++ char *pin, *pout;
40+ char *end;
41+ int i, chunk, len, rc = 0, hex = 0;
42+ if ( !out || !out->bv_val || out->bv_len < in->bv_len )
43+@@ -749,6 +747,8 @@
44+ if ( hex ) {
45+ #define HEXMAX (2 * sizeof(long))
46+ unsigned long l;
47++ char tbuf[HEXMAX+1];
48++
49+ /* Convert a longword at a time, but handle leading
50+ * odd bytes first
51+ */
52+@@ -758,11 +758,10 @@
53+
54+ while ( len ) {
55+ int ochunk;
56+- ctmp = pin[chunk];
57+- pin[chunk] = '\0';
58++ memcpy( tbuf, pin, chunk );
59++ tbuf[chunk] = '\0';
60+ errno = 0;
61+- l = strtoul( pin, &end, 16 );
62+- pin[chunk] = ctmp;
63++ l = strtoul( tbuf, &end, 16 );
64+ if ( errno )
65+ return -1;
66+ ochunk = (chunk + 1)/2;
67+@@ -778,10 +777,12 @@
68+ out->bv_len = pout - out->bv_val;
69+ } else {
70+ /* Decimal */
71++#define DECMAX 8 /* 8 digits at a time */
72+ char tmpbuf[64], *tmp;
73+ lutil_int_decnum num;
74+ int neg = 0;
75+ long l;
76++ char tbuf[DECMAX+1];
77+
78+ len = in->bv_len;
79+ pin = in->bv_val;
80+@@ -795,8 +796,6 @@
81+ pin++;
82+ }
83+
84+-#define DECMAX 8 /* 8 digits at a time */
85+-
86+ /* tmp must be at least as large as outbuf */
87+ if ( out->bv_len > sizeof(tmpbuf)) {
88+ tmp = ber_memalloc_x( out->bv_len, ctx );
89+@@ -808,11 +807,10 @@
90+ chunk = DECMAX;
91+
92+ while ( len ) {
93+- ctmp = pin[chunk];
94+- pin[chunk] = '\0';
95++ memcpy( tbuf, pin, chunk );
96++ tbuf[chunk] = '\0';
97+ errno = 0;
98+- l = strtol( pin, &end, 10 );
99+- pin[chunk] = ctmp;
100++ l = strtol( tbuf, &end, 10 );
101+ if ( errno ) {
102+ rc = -1;
103+ goto decfail;
104+
105
106=== modified file 'debian/patches/series'
107--- debian/patches/series 2013-06-04 09:00:09 +0000
108+++ debian/patches/series 2013-08-31 07:06:39 +0000
109@@ -23,3 +23,4 @@
110 its-7107-fix-Operation-init-on-reuse.diff
111 shell-config
112 bdb-deadlock.patch
113+its-7174-lutil_str2bin-cant-modify-input-strings.patch

Subscribers

People subscribed via source and target branches