From f44463a52bfb01c7dcc3ff46f9b43da18f3d178a Mon Sep 17 00:00:00 2001

From: Rich Megginson <rmeggins@redhat.com>

Date: Fri, 26 Jul 2013 08:36:29 -0600

Subject: [PATCH 157/225] Ticket 47427 - Overflow in

 nsslapd-disk-monitoring-threshold

Bug Description:  If you directory try and set the threshold to -2,

                  the server allows it, but it should be rejected.

Fix Description:  With PR_snprintf and other NSPR formatting functions,

                  %lld must be used with LONG_MAX, instead of %ld which

                  must be used with regular printf.

https://fedorahosted.org/389/ticket/47427

Reviewed by: mreynolds (Thanks!)

(cherry picked from commit 5df006bd765163279f14cfbb0a136c15c69bed5b)

(cherry picked from commit 0b5fede023836b8b41a31c0106775767f306d21d)

(cherry picked from commit b8c921f201929ec15974f2ccbe36af5caf74c74c)

(cherry picked from commit 874f40e7e775b7f71b50bd5c775da45d3f7dc888)

---

 ldap/servers/slapd/libglobs.c | 31 ++++++++++++++++---------------

 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c

index 930fd72..0fc9022 100644

--- a/ldap/servers/slapd/libglobs.c

+++ b/ldap/servers/slapd/libglobs.c

@@ -679,8 +679,8 @@ static struct config_get_and_set {

 		(ConfigGetFunc)config_get_disk_monitoring},

 	{CONFIG_DISK_THRESHOLD, config_set_disk_threshold,

 		NULL, 0,

-		(void**)&global_slapdFrontendConfig.disk_threshold, CONFIG_LONG,

-		(ConfigGetFunc)config_get_disk_threshold},

+		(void**)&global_slapdFrontendConfig.disk_threshold,

+		CONFIG_LONG, (ConfigGetFunc)config_get_disk_threshold},

 	{CONFIG_DISK_GRACE_PERIOD, config_set_disk_grace_period,

 		NULL, 0,

 		(void**)&global_slapdFrontendConfig.disk_grace_period,

@@ -1255,9 +1255,10 @@ config_set_disk_threshold( const char *attrname, char *value, char *errorbuf, in

     errno = 0;

     threshold = strtoll(value, &endp, 10);

-    if ( *endp != '\0' || threshold < 4096 || errno == ERANGE ) {

-        PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: \"%s\" is invalid, threshold must be greater than 4096 and less then %lld",

-            attrname, value, (long long int)LONG_MAX );

+    if ( *endp != '\0' || threshold <= 4096 || errno == ERANGE ) {

+        PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,

+            "%s: \"%s\" is invalid, threshold must be greater than 4096 and less then %lld",

+            attrname, value, LONG_MAX );

         retVal = LDAP_OPERATIONS_ERROR;

         return retVal;

     }

@@ -1754,7 +1755,7 @@ config_set_sizelimit( const char *attrname, char *value, char *errorbuf, int app

   sizelimit = strtol(value, &endp, 10);

   if ( *endp != '\0' || errno == ERANGE || sizelimit < -1 ) {

-	PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: \"%s\" is invalid, sizelimit must range from -1 to %ld",

+	PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: \"%s\" is invalid, sizelimit must range from -1 to %lld",

 			attrname, value, LONG_MAX );

 	retVal = LDAP_OPERATIONS_ERROR;

 	return retVal;

@@ -1798,7 +1799,7 @@ config_set_pagedsizelimit( const char *attrname, char *value, char *errorbuf, in

   pagedsizelimit = strtol(value, &endp, 10);

   if ( *endp != '\0' || errno == ERANGE || pagedsizelimit < -1 ) {

-	PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: \"%s\" is invalid, pagedsizelimit must range from -1 to %ld",

+	PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: \"%s\" is invalid, pagedsizelimit must range from -1 to %lld",

 			attrname, value, LONG_MAX );

 	retVal = LDAP_OPERATIONS_ERROR;

 	return retVal;

@@ -2561,7 +2562,7 @@ config_set_pw_gracelimit( const char *attrname, char *value, char *errorbuf, int

   if ( *endp != '\0' || errno == ERANGE || gracelimit < 0 ) {

 	PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, 

-			  "password grace limit \"%s\" is invalid, password grace limit must range from 0 to %ld",

+			  "password grace limit \"%s\" is invalid, password grace limit must range from 0 to %lld",

 			  value , LONG_MAX );

 	retVal = LDAP_OPERATIONS_ERROR;

 	return retVal;

@@ -3276,7 +3277,7 @@ config_set_ioblocktimeout( const char *attrname, char *value, char *errorbuf, in

   nValue = strtol(value, &endp, 10);

   if ( *endp != '\0' || errno == ERANGE || nValue < 0 ) {

-        PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", I/O block timeout must range from 0 to %ld",

+        PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", I/O block timeout must range from 0 to %lld",

                       attrname, value, LONG_MAX );

         retVal = LDAP_OPERATIONS_ERROR;

         return retVal;

@@ -3318,7 +3319,7 @@ config_set_idletimeout( const char *attrname, char *value, char *errorbuf, int a

   nValue = strtol(value, &endp, 10);

   if (*endp != '\0' || errno == ERANGE || nValue < 0 ) {

-        PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", idle timeout must range from 0 to %ld",

+        PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", idle timeout must range from 0 to %lld",

                       attrname, value, LONG_MAX );

         retVal = LDAP_OPERATIONS_ERROR;

         return retVal;

@@ -3421,7 +3422,7 @@ config_set_timelimit( const char *attrname, char *value, char *errorbuf, int app

   if ( *endp != '\0' || errno == ERANGE || nVal < -1 ) {

 	PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,

-			"%s: invalid value \"%s\", time limit must range from -1 to %ld",

+			"%s: invalid value \"%s\", time limit must range from -1 to %lld",

                          attrname, value, LONG_MAX );

         retVal = LDAP_OPERATIONS_ERROR;

         return retVal;

@@ -3617,7 +3618,7 @@ config_set_pw_warning( const char *attrname, char *value, char *errorbuf, int ap

   if (errno == ERANGE || sec < 0) {

 	PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, 

 			   "%s: password warning age \"%s\" is invalid, password warning "

-			   "age must range from 0 to %ld seconds", 

+			   "age must range from 0 to %lld seconds", 

 			   attrname, value, LONG_MAX );

 	retVal = LDAP_OPERATIONS_ERROR;

 	return retVal;

@@ -3648,7 +3649,7 @@ config_set_errorlog_level( const char *attrname, char *value, char *errorbuf, in

   if ( *endp != '\0' || errno == ERANGE || level < 0 ) {

         PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: error log level \"%s\" is invalid,"

-                      " error log level must range from 0 to %ld", attrname, value, LONG_MAX );

+                      " error log level must range from 0 to %lld", attrname, value, LONG_MAX );

         retVal = LDAP_OPERATIONS_ERROR;

         return retVal;

   }

@@ -3686,7 +3687,7 @@ config_set_accesslog_level( const char *attrname, char *value, char *errorbuf, i

   if ( *endp != '\0' || errno == ERANGE || level < 0 ) {

         PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: access log level \"%s\" is invalid,"

-                      " access log level must range from 0 to %ld", attrname, value, LONG_MAX );

+                      " access log level must range from 0 to %lld", attrname, value, LONG_MAX );

         retVal = LDAP_OPERATIONS_ERROR;

         return retVal;

   }

@@ -5050,7 +5051,7 @@ config_set_maxsasliosize( const char *attrname, char *value, char *errorbuf, int

   if (retVal != LDAP_SUCCESS) {

     PR_snprintf(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,

-                 "%s: \"%s\" is invalid. Value must range from -1 to %ld",

+                 "%s: \"%s\" is invalid. Value must range from -1 to %lld",

                  attrname, value, LONG_MAX );

   } else if (apply) {

     CFG_LOCK_WRITE(slapdFrontendConfig);

-- 

1.8.1.4