From f44463a52bfb01c7dcc3ff46f9b43da18f3d178a Mon Sep 17 00:00:00 2001
From: Rich Megginson <rmeggins@redhat.com>
Date: Fri, 26 Jul 2013 08:36:29 -0600
Subject: [PATCH 157/225] Ticket 47427 - Overflow in
 nsslapd-disk-monitoring-threshold

Bug Description:  If you directory try and set the threshold to -2,
                  the server allows it, but it should be rejected.

Fix Description:  With PR_snprintf and other NSPR formatting functions,
                  %lld must be used with LONG_MAX, instead of %ld which
                  must be used with regular printf.

https://fedorahosted.org/389/ticket/47427

Reviewed by: mreynolds (Thanks!)
(cherry picked from commit 5df006bd765163279f14cfbb0a136c15c69bed5b)
(cherry picked from commit 0b5fede023836b8b41a31c0106775767f306d21d)
(cherry picked from commit b8c921f201929ec15974f2ccbe36af5caf74c74c)
(cherry picked from commit 874f40e7e775b7f71b50bd5c775da45d3f7dc888)
---
 ldap/servers/slapd/libglobs.c | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index 930fd72..0fc9022 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -679,8 +679,8 @@ static struct config_get_and_set {
 		(ConfigGetFunc)config_get_disk_monitoring},
 	{CONFIG_DISK_THRESHOLD, config_set_disk_threshold,
 		NULL, 0,
-		(void**)&global_slapdFrontendConfig.disk_threshold, CONFIG_LONG,
-		(ConfigGetFunc)config_get_disk_threshold},
+		(void**)&global_slapdFrontendConfig.disk_threshold,
+		CONFIG_LONG, (ConfigGetFunc)config_get_disk_threshold},
 	{CONFIG_DISK_GRACE_PERIOD, config_set_disk_grace_period,
 		NULL, 0,
 		(void**)&global_slapdFrontendConfig.disk_grace_period,
@@ -1255,9 +1255,10 @@ config_set_disk_threshold( const char *attrname, char *value, char *errorbuf, in
     errno = 0;
     threshold = strtoll(value, &endp, 10);
 
-    if ( *endp != '\0' || threshold < 4096 || errno == ERANGE ) {
-        PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: \"%s\" is invalid, threshold must be greater than 4096 and less then %lld",
-            attrname, value, (long long int)LONG_MAX );
+    if ( *endp != '\0' || threshold <= 4096 || errno == ERANGE ) {
+        PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
+            "%s: \"%s\" is invalid, threshold must be greater than 4096 and less then %lld",
+            attrname, value, LONG_MAX );
         retVal = LDAP_OPERATIONS_ERROR;
         return retVal;
     }
@@ -1754,7 +1755,7 @@ config_set_sizelimit( const char *attrname, char *value, char *errorbuf, int app
   sizelimit = strtol(value, &endp, 10);
 
   if ( *endp != '\0' || errno == ERANGE || sizelimit < -1 ) {
-	PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: \"%s\" is invalid, sizelimit must range from -1 to %ld",
+	PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: \"%s\" is invalid, sizelimit must range from -1 to %lld",
 			attrname, value, LONG_MAX );
 	retVal = LDAP_OPERATIONS_ERROR;
 	return retVal;
@@ -1798,7 +1799,7 @@ config_set_pagedsizelimit( const char *attrname, char *value, char *errorbuf, in
   pagedsizelimit = strtol(value, &endp, 10);
 
   if ( *endp != '\0' || errno == ERANGE || pagedsizelimit < -1 ) {
-	PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: \"%s\" is invalid, pagedsizelimit must range from -1 to %ld",
+	PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: \"%s\" is invalid, pagedsizelimit must range from -1 to %lld",
 			attrname, value, LONG_MAX );
 	retVal = LDAP_OPERATIONS_ERROR;
 	return retVal;
@@ -2561,7 +2562,7 @@ config_set_pw_gracelimit( const char *attrname, char *value, char *errorbuf, int
 
   if ( *endp != '\0' || errno == ERANGE || gracelimit < 0 ) {
 	PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, 
-			  "password grace limit \"%s\" is invalid, password grace limit must range from 0 to %ld",
+			  "password grace limit \"%s\" is invalid, password grace limit must range from 0 to %lld",
 			  value , LONG_MAX );
 	retVal = LDAP_OPERATIONS_ERROR;
 	return retVal;
@@ -3276,7 +3277,7 @@ config_set_ioblocktimeout( const char *attrname, char *value, char *errorbuf, in
   nValue = strtol(value, &endp, 10);
 
   if ( *endp != '\0' || errno == ERANGE || nValue < 0 ) {
-        PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", I/O block timeout must range from 0 to %ld",
+        PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", I/O block timeout must range from 0 to %lld",
                       attrname, value, LONG_MAX );
         retVal = LDAP_OPERATIONS_ERROR;
         return retVal;
@@ -3318,7 +3319,7 @@ config_set_idletimeout( const char *attrname, char *value, char *errorbuf, int a
   nValue = strtol(value, &endp, 10);
 
   if (*endp != '\0' || errno == ERANGE || nValue < 0 ) {
-        PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", idle timeout must range from 0 to %ld",
+        PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", idle timeout must range from 0 to %lld",
                       attrname, value, LONG_MAX );
         retVal = LDAP_OPERATIONS_ERROR;
         return retVal;
@@ -3421,7 +3422,7 @@ config_set_timelimit( const char *attrname, char *value, char *errorbuf, int app
 
   if ( *endp != '\0' || errno == ERANGE || nVal < -1 ) {
 	PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
-			"%s: invalid value \"%s\", time limit must range from -1 to %ld",
+			"%s: invalid value \"%s\", time limit must range from -1 to %lld",
                          attrname, value, LONG_MAX );
         retVal = LDAP_OPERATIONS_ERROR;
         return retVal;
@@ -3617,7 +3618,7 @@ config_set_pw_warning( const char *attrname, char *value, char *errorbuf, int ap
   if (errno == ERANGE || sec < 0) {
 	PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, 
 			   "%s: password warning age \"%s\" is invalid, password warning "
-			   "age must range from 0 to %ld seconds", 
+			   "age must range from 0 to %lld seconds", 
 			   attrname, value, LONG_MAX );
 	retVal = LDAP_OPERATIONS_ERROR;
 	return retVal;
@@ -3648,7 +3649,7 @@ config_set_errorlog_level( const char *attrname, char *value, char *errorbuf, in
 
   if ( *endp != '\0' || errno == ERANGE || level < 0 ) {
         PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: error log level \"%s\" is invalid,"
-                      " error log level must range from 0 to %ld", attrname, value, LONG_MAX );
+                      " error log level must range from 0 to %lld", attrname, value, LONG_MAX );
         retVal = LDAP_OPERATIONS_ERROR;
         return retVal;
   }
@@ -3686,7 +3687,7 @@ config_set_accesslog_level( const char *attrname, char *value, char *errorbuf, i
 
   if ( *endp != '\0' || errno == ERANGE || level < 0 ) {
         PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: access log level \"%s\" is invalid,"
-                      " access log level must range from 0 to %ld", attrname, value, LONG_MAX );
+                      " access log level must range from 0 to %lld", attrname, value, LONG_MAX );
         retVal = LDAP_OPERATIONS_ERROR;
         return retVal;
   }
@@ -5050,7 +5051,7 @@ config_set_maxsasliosize( const char *attrname, char *value, char *errorbuf, int
 
   if (retVal != LDAP_SUCCESS) {
     PR_snprintf(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
-                 "%s: \"%s\" is invalid. Value must range from -1 to %ld",
+                 "%s: \"%s\" is invalid. Value must range from -1 to %lld",
                  attrname, value, LONG_MAX );
   } else if (apply) {
     CFG_LOCK_WRITE(slapdFrontendConfig);
-- 
1.8.1.4