Blame SOURCES/0081-Ticket-49441-Import-crashes-with-large-indexed-binar.patch

From df5000efced2d00aa0fc6546fcf6fc7b02e27256 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Mon, 6 Nov 2017 22:30:55 -0500
Subject: [PATCH] Ticket 49441 - Import crashes with large indexed binary 
 attributes
Bug Description:  Importing an ldif file that contains entries with large
                  binary attributes that are indexed crashes the server.
                  The crash occurs when "encoding" the binary value to a
                  string for debug logging, where we "underflow" the buffer
                  space index which then allows the string buffer to overflow.
Fix Description:  While filling the string buffer with the encoded binary
                  value we need to make sure if the buffer space is greater
                  than zero before decrementing it.
                  Also check if trace logging is being used before we actually
                  call the logging function which calls the "encoded" function
                  first.  This way we avoid this costly "encoding" on every
                  index call we make.
https://pagure.io/389-ds-base/issue/49441
Reviewed by: firstyear(Thanks!)
---
 ldap/servers/slapd/back-ldbm/index.c | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/ldap/servers/slapd/back-ldbm/index.c b/ldap/servers/slapd/back-ldbm/index.c
index d4de28ca3..d62052a22 100644
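--- a/ldap/servers/slapd/back-ldbm/index.c
+++ b/ldap/servers/slapd/back-ldbm/index.c
@@ -808,7 +808,10 @@ encode (const struct berval* data, char buf[BUFSIZ])
 		    bufSpace -= (s - first);
 		}
 		do {
-		    *bufNext++ = '\\'; --bufSpace;
+		    if (bufSpace) {
+		        *bufNext++ = '\\';
+		        --bufSpace;
+		    }
 		    if (bufSpace < 2) {
 			memcpy (bufNext, "..", 2);
 			bufNext += 2;
@@ -903,8 +906,10 @@ index_read_ext_allids(
 		slapi_log_err(SLAPI_LOG_ERR, "index_read_ext_allids", "NULL prefix\n");
 		return NULL;
 	}
-	slapi_log_err(SLAPI_LOG_TRACE, "index_read_ext_allids", "=> ( \"%s\" %s \"%s\" )\n",
-		   type, prefix, encode (val, buf));
+	if (slapi_is_loglevel_set(LDAP_DEBUG_TRACE)) {
+	    slapi_log_err(SLAPI_LOG_TRACE, "index_read_ext_allids", "=> ( \"%s\" %s \"%s\" )\n",
+	                  type, prefix, encode (val, buf));
+	}
 
 	basetype = typebuf;
 	if ( (basetmp = slapi_attr_basetype( type, typebuf, sizeof(typebuf) ))
@@ -1737,16 +1742,13 @@ addordel_values(
                  */
 		key.flags = DB_DBT_USERMEM;
                 key.ulen = tmpbuflen;
-#ifdef LDAP_ERROR_LOGGING
-		/* XXX if ( slapd_ldap_debug & LDAP_DEBUG_TRACE )  XXX */
-		{
+        if (slapi_is_loglevel_set(LDAP_DEBUG_TRACE)) {
 			char encbuf[BUFSIZ];
 
 			slapi_log_err(SLAPI_LOG_TRACE, "addordel_values", "%s_value(\"%s\")\n",
 				   (flags & BE_INDEX_ADD) ? "add" : "del",
 				   encoded (&key, encbuf));
 		}
-#endif
 
 		if (NULL != txn) {
 			db_txn = txn->back_txn_txn;
@@ -1907,16 +1909,13 @@ addordel_values_sv(
          */
         key.flags = DB_DBT_USERMEM;
         key.ulen = tmpbuflen;
-#ifdef LDAP_ERROR_LOGGING
-        /* XXX if ( slapd_ldap_debug & LDAP_DEBUG_TRACE )  XXX */
-        {
+        if (slapi_is_loglevel_set(LDAP_DEBUG_TRACE)) {
             char encbuf[BUFSIZ];
 
             slapi_log_err(SLAPI_LOG_TRACE, "addordel_values_sv", "%s_value(\"%s\")\n",
                        (flags & BE_INDEX_ADD) ? "add" : "del",
                        encoded (&key, encbuf));
         }
-#endif
 
         if (NULL != txn) {
             db_txn = txn->back_txn_txn;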
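Review bot: In the `encode` hunk the new `if (bufSpace)` guard stops the counter from wrapping, but the unchanged truncation path directly below it still runs `memcpy (bufNext, "..", 2)` when `bufSpace` is 0 or 1, so two bytes are written while fewer than two are accounted for. That write stays in bounds only if `buf` holds slack beyond what `bufSpace` tracks; the initialisation of `bufSpace` lies outside the hunk, so once confirmed I would record the invariant at the guard, e.g. `/* bufSpace excludes a reserved tail, so the ".." marker and the terminator always fit */`. A regression test that imports an indexed binary value longer than `BUFSIZ` would pin the fix. In the three logging hunks the guard tests `LDAP_DEBUG_TRACE` while the call logs at `SLAPI_LOG_TRACE`; if `slapi_is_loglevel_set` expects the `SLAPI_LOG_*` scale, passing `SLAPI_LOG_TRACE` there would keep the guard and the call in step.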
-- 
2.13.6