|
 |
f5000e |
From ce824731f4839f7812109b8c04ce704a56eeca4b Mon Sep 17 00:00:00 2001
|
|
|
f5000e |
From: Noriko Hosoi <nhosoi@redhat.com>
|
|
|
f5000e |
Date: Wed, 10 Feb 2016 11:36:32 -0800
|
|
|
f5000e |
Subject: [PATCH 90/93] Ticket #48492 - heap corruption at schema replication.
|
|
|
f5000e |
|
|
|
f5000e |
Description: 389-ds-base-1.3.2 and newer uses openldap schema parser,
|
|
|
f5000e |
which is more strict with the definition. For instance, the older
|
|
|
f5000e |
389-ds-base could have a schema such as SINTAX OID in single quotes,
|
|
|
f5000e |
which is not acceptable on the newer version. There was a bug to
|
|
|
f5000e |
handle the error case that caused a crash.
|
|
|
f5000e |
|
|
|
f5000e |
This patch adds
|
|
|
f5000e |
1) the null reference check to attr_syntax_free (attrsyntax.c),
|
|
|
f5000e |
2) a null init to the output arg in parse_at_str and parse_oc_str
|
|
|
f5000e |
(schema.c) and
|
|
|
f5000e |
3) an error logging to schema_berval_to_atlist & schema_berval_to_oclist
|
|
|
f5000e |
(schema.c) for troubleshooting.
|
|
|
f5000e |
|
|
|
f5000e |
https://fedorahosted.org/389/ticket/48492
|
|
|
f5000e |
|
|
|
f5000e |
Reviewed by wibrown@redhat.com and mreynolds@redhat.com (Thank you, William and Mark!)
|
|
|
f5000e |
|
|
|
f5000e |
(cherry picked from commit b5bfa2a0386e168ce2196a077169382ae53a94b4)
|
|
|
f5000e |
(cherry picked from commit 9bd53c297683e691fef174bf1aed6842f475fb9f)
|
|
|
f5000e |
---
|
|
|
f5000e |
ldap/servers/slapd/attrsyntax.c | 3 +++
|
|
|
f5000e |
ldap/servers/slapd/schema.c | 16 +++++++++++++++-
|
|
|
f5000e |
2 files changed, 18 insertions(+), 1 deletion(-)
|
|
|
f5000e |
|
|
|
f5000e |
diff --git a/ldap/servers/slapd/attrsyntax.c b/ldap/servers/slapd/attrsyntax.c
|
|
|
f5000e |
index 4cdcf86..8b2a77a 100644
|
|
|
f5000e |
--- a/ldap/servers/slapd/attrsyntax.c
|
|
|
f5000e |
+++ b/ldap/servers/slapd/attrsyntax.c
|
|
|
f5000e |
@@ -189,6 +189,9 @@ attr_syntax_check_oids()
|
|
|
f5000e |
void
|
|
|
f5000e |
attr_syntax_free( struct asyntaxinfo *a )
|
|
|
f5000e |
{
|
|
|
f5000e |
+ if (!a) {
|
|
|
f5000e |
+ return;
|
|
|
f5000e |
+ }
|
|
|
f5000e |
cool_charray_free( a->asi_aliases );
|
|
|
f5000e |
slapi_ch_free_string(&a->asi_name );
|
|
|
f5000e |
slapi_ch_free_string(&a->asi_desc );
|
|
|
f5000e |
diff --git a/ldap/servers/slapd/schema.c b/ldap/servers/slapd/schema.c
|
|
|
f5000e |
index 65cbad5..dd56599 100644
|
|
|
f5000e |
--- a/ldap/servers/slapd/schema.c
|
|
|
f5000e |
+++ b/ldap/servers/slapd/schema.c
|
|
|
f5000e |
@@ -263,6 +263,9 @@ static PRCallOnceType schema_dse_mandatory_init_callonce = { 0, 0, 0 };
|
|
|
f5000e |
static int parse_at_str(const char *input, struct asyntaxinfo **asipp, char *errorbuf, size_t errorbufsize,
|
|
|
f5000e |
PRUint32 schema_flags, int is_user_defined, int schema_ds4x_compat, int is_remote)
|
|
|
f5000e |
{
|
|
|
f5000e |
+ if (asipp) {
|
|
|
f5000e |
+ *asipp = NULL;
|
|
|
f5000e |
+ }
|
|
|
f5000e |
#ifdef USE_OPENLDAP
|
|
|
f5000e |
return parse_attr_str(input, asipp, errorbuf, errorbufsize, schema_flags, is_user_defined,schema_ds4x_compat,is_remote);
|
|
|
f5000e |
#else
|
|
|
f5000e |
@@ -274,6 +277,9 @@ static int parse_oc_str(const char *input, struct objclass **oc, char *errorbuf,
|
|
|
f5000e |
size_t errorbufsize, PRUint32 schema_flags, int is_user_defined,
|
|
|
f5000e |
int schema_ds4x_compat, struct objclass* private_schema )
|
|
|
f5000e |
{
|
|
|
f5000e |
+ if (oc) {
|
|
|
f5000e |
+ *oc = NULL;
|
|
|
f5000e |
+ }
|
|
|
f5000e |
#ifdef USE_OPENLDAP
|
|
|
f5000e |
return parse_objclass_str (input, oc, errorbuf, errorbufsize, schema_flags, is_user_defined, schema_ds4x_compat, private_schema );
|
|
|
f5000e |
#else
|
|
|
f5000e |
@@ -7146,11 +7152,15 @@ schema_berval_to_oclist(struct berval **oc_berval)
|
|
|
f5000e |
oc_list = NULL;
|
|
|
f5000e |
oc_tail = NULL;
|
|
|
f5000e |
if (oc_berval != NULL) {
|
|
|
f5000e |
+ errorbuf[0] = '\0';
|
|
|
f5000e |
for (i = 0; oc_berval[i] != NULL; i++) {
|
|
|
f5000e |
/* parse the objectclass value */
|
|
|
f5000e |
if (LDAP_SUCCESS != (rc = parse_oc_str(oc_berval[i]->bv_val, &oc,
|
|
|
f5000e |
errorbuf, sizeof (errorbuf), DSE_SCHEMA_NO_CHECK | DSE_SCHEMA_USE_PRIV_SCHEMA, 0,
|
|
|
f5000e |
schema_ds4x_compat, oc_list))) {
|
|
|
f5000e |
+ slapi_log_error(SLAPI_LOG_FATAL, "schema",
|
|
|
f5000e |
+ "parse_oc_str returned error: %s\n",
|
|
|
f5000e |
+ errorbuf[0]?errorbuf:"unknown");
|
|
|
f5000e |
oc_free(&oc);
|
|
|
f5000e |
rc = 1;
|
|
|
f5000e |
break;
|
|
|
f5000e |
@@ -7184,11 +7194,15 @@ schema_berval_to_atlist(struct berval **at_berval)
|
|
|
f5000e |
schema_ds4x_compat = config_get_ds4_compatible_schema();
|
|
|
f5000e |
|
|
|
f5000e |
if (at_berval != NULL) {
|
|
|
f5000e |
+ errorbuf[0] = '\0';
|
|
|
f5000e |
for (i = 0; at_berval[i] != NULL; i++) {
|
|
|
f5000e |
/* parse the objectclass value */
|
|
|
f5000e |
rc = parse_at_str(at_berval[i]->bv_val, &at, errorbuf, sizeof (errorbuf),
|
|
|
f5000e |
DSE_SCHEMA_NO_CHECK | DSE_SCHEMA_USE_PRIV_SCHEMA, 0, schema_ds4x_compat, 0);
|
|
|
f5000e |
- if(rc){
|
|
|
f5000e |
+ if (rc) {
|
|
|
f5000e |
+ slapi_log_error(SLAPI_LOG_FATAL, "schema",
|
|
|
f5000e |
+ "parse_oc_str returned error: %s\n",
|
|
|
f5000e |
+ errorbuf[0]?errorbuf:"unknown");
|
|
|
f5000e |
attr_syntax_free(at);
|
|
|
f5000e |
break;
|
|
|
f5000e |
}
|
|
|
f5000e |
--
|
|
|
f5000e |
2.4.11
|
|
|
f5000e |
|