Bug 12900 - index out of bound in ldb_msg_find_common_values
Status: RESOLVED FIXED
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
Version: 4.7.0rc2
Hardware: All All
Importance: P5 regression
Target Milestone: 4.7
Assigned To: Douglas Bagnall
QA Contact: Samba QA Contact
Depends on: 12901
Blocks:
Reported: 2017-07-13 04:27 UTC by Douglas Bagnall
Modified: 2017-07-23 14:27 UTC


Attachments
patch avoiding the out-of-bounds error (2.85 KB, patch)
2017-07-13 04:36 UTC, Douglas Bagnall
patch avoiding getting anywhere near the out-of-bounds error (1.08 KB, patch)
2017-07-13 04:39 UTC, Douglas Bagnall
tests for the out-of-bounds on zero (4.54 KB, patch)
2017-07-13 04:39 UTC, Douglas Bagnall

Description Douglas Bagnall 2017-07-13 04:27:15 UTC
ldb wanders out of bounds in some cases when dealing with message elements with zero values.

Found and fixed in master by Lukas Slebodnik <lslebodn@redhat.com>, but 4.7 is affected. 4.6 and below are not.
Comment 1 Stefan Metzmacher 2017-07-13 04:30:02 UTC
Once we have a conclusion regarding the python3 ABI files, we should
do a new ldb release from master and then backport the whole ldb release.
Comment 2 Douglas Bagnall 2017-07-13 04:36:59 UTC
Created attachment 13369
patch avoiding the out-of-bounds error
Comment 3 Douglas Bagnall 2017-07-13 04:39:00 UTC
Created attachment 13370
patch avoiding getting anywhere near the out-of-bounds error

While both patches are not strictly necessary as either will avoid the bug, they are complementary and it is worth having both.
Comment 4 Douglas Bagnall 2017-07-13 04:39:50 UTC
Created attachment 13371
tests for the out-of-bounds on zero

tests proving the above patches
Comment 5 Douglas Bagnall 2017-07-13 04:41:15 UTC
(In reply to Stefan Metzmacher from comment #1)

Ah, OK.
Comment 6 Stefan Metzmacher 2017-07-23 14:27:20 UTC
Fixed in v4-7-test