[Pkg-openldap-devel] [openldap] 06/07: Import patches for SASL memory corruption (#860947)

Ryan Tandy rtandy-guest at moszumanska.debian.org
Fri Aug 11 02:05:47 UTC 2017 

This is an automated email from the git hooks/post-receive script.

rtandy-guest pushed a commit to branch stretch
in repository openldap.

commit e03de7ca825708dc926ab0e1d7d127451508f02d
Author: Ryan Tandy <ryan at nardis.ca>
Date:   Tue Aug 8 18:44:11 2017 -0700

    Import patches for SASL memory corruption (#860947)
---
 debian/changelog                                   |  3 +
 ...eck-result-of-ldap_int_initialize-in-ldap.patch | 30 +++++++++
 ...ITS-8648-init-SASL-library-in-global-init.patch | 74 ++++++++++++++++++++++
 debian/patches/series                              |  2 +
 4 files changed, 109 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 52dab3c..40a41e6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,6 +11,9 @@ openldap (2.4.44+dfsg-5+deb9u1) UNRELEASED; urgency=medium
   * Import upstream patch to fix potential endless replication loop in a 
     multi-master delta-syncrepl scenario with 3 or more nodes.
     (ITS#8432) (Closes: #868753)
+  * Import upstream patches to fix memory corruption caused by calling 
+    sasl_client_init() multiple times and possibly concurrently.
+    (ITS#8648) (Closes: #860947)
 
  -- Ryan Tandy <ryan at nardis.ca>  Tue, 08 Aug 2017 18:19:08 -0700
 
diff --git a/debian/patches/ITS-8648-check-result-of-ldap_int_initialize-in-ldap.patch b/debian/patches/ITS-8648-check-result-of-ldap_int_initialize-in-ldap.patch
new file mode 100644
index 0000000..a6cde4b
--- /dev/null
+++ b/debian/patches/ITS-8648-check-result-of-ldap_int_initialize-in-ldap.patch
@@ -0,0 +1,30 @@
+From e437b12277c1cc8ec72e0f78f660137c60ffaad7 Mon Sep 17 00:00:00 2001
+From: Ryan Tandy <ryan at nardis.ca>
+Date: Sun, 7 May 2017 20:16:00 +0000
+Subject: [PATCH] ITS#8648 check result of ldap_int_initialize in
+ ldap_{get,set}_option
+
+---
+ libraries/libldap/options.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/libraries/libldap/options.c
++++ b/libraries/libldap/options.c
+@@ -106,6 +106,8 @@
+ 
+ 	if( lo->ldo_valid != LDAP_INITIALIZED ) {
+ 		ldap_int_initialize(lo, NULL);
++		if ( lo->ldo_valid != LDAP_INITIALIZED )
++			return LDAP_LOCAL_ERROR;
+ 	}
+ 
+ 	if(ld != NULL) {
+@@ -446,6 +448,8 @@
+ 
+ 	if( lo->ldo_valid != LDAP_INITIALIZED ) {
+ 		ldap_int_initialize(lo, dbglvl);
++		if ( lo->ldo_valid != LDAP_INITIALIZED )
++			return LDAP_LOCAL_ERROR;
+ 	}
+ 
+ 	if(ld != NULL) {
diff --git a/debian/patches/ITS-8648-init-SASL-library-in-global-init.patch b/debian/patches/ITS-8648-init-SASL-library-in-global-init.patch
new file mode 100644
index 0000000..6ea91d8
--- /dev/null
+++ b/debian/patches/ITS-8648-init-SASL-library-in-global-init.patch
@@ -0,0 +1,74 @@
+From 431c4af526b18abb4a18c2c4c8655690b753cbe5 Mon Sep 17 00:00:00 2001
+From: Ryan Tandy <ryan at nardis.ca>
+Date: Fri, 5 May 2017 03:08:07 +0000
+Subject: [PATCH] ITS#8648 init SASL library in global init
+
+---
+ libraries/libldap/cyrus.c | 17 +++--------------
+ libraries/libldap/init.c  |  6 ++++++
+ 2 files changed, 9 insertions(+), 14 deletions(-)
+
+--- a/libraries/libldap/cyrus.c
++++ b/libraries/libldap/cyrus.c
+@@ -69,14 +69,11 @@
+ 	{ SASL_CB_LIST_END, NULL, NULL }
+ };
+ 
++/*
++ * ldap_int_initialize is responsible for calling this only once.
++ */
+ int ldap_int_sasl_init( void )
+ {
+-	/* XXX not threadsafe */
+-	static int sasl_initialized = 0;
+-
+-	if ( sasl_initialized ) {
+-		return 0;
+-	}
+ 
+ /* SASL 2 takes care of its own memory completely internally */
+ #if SASL_VERSION_MAJOR < 2 && !defined(CSRIMALLOC)
+@@ -96,7 +93,6 @@
+ #endif
+ 
+ 	if ( sasl_client_init( NULL ) == SASL_OK ) {
+-		sasl_initialized = 1;
+ 		return 0;
+ 	}
+ 
+@@ -307,11 +303,6 @@
+ 		return ld->ld_errno;
+ 	}
+ 
+-	if ( ldap_int_sasl_init() ) {
+-		ld->ld_errno = LDAP_LOCAL_ERROR;
+-		return ld->ld_errno;
+-	}
+-
+ #if SASL_VERSION_MAJOR >= 2
+ 	rc = sasl_client_new( "ldap", host, NULL, NULL,
+ 		client_callbacks, 0, &ctx );
+@@ -891,8 +882,6 @@
+ ldap_int_sasl_get_option( LDAP *ld, int option, void *arg )
+ {
+ 	if ( option == LDAP_OPT_X_SASL_MECHLIST ) {
+-		if ( ldap_int_sasl_init() )
+-			return -1;
+ 		*(char ***)arg = (char **)sasl_global_listmech();
+ 		return 0;
+ 	}
+--- a/libraries/libldap/init.c
++++ b/libraries/libldap/init.c
+@@ -658,6 +658,12 @@
+ 	if ( ldap_int_tblsize == 0 ) ldap_int_ip_init();
+ #endif
+ 
++#ifdef HAVE_CYRUS_SASL
++	if ( ldap_int_sasl_init() != 0 ) {
++		return;
++	}
++#endif
++
+ 	ldap_int_initialize_global_options(gopts, dbglvl);
+ 
+ 	if( getenv("LDAPNOINIT") != NULL ) {
diff --git a/debian/patches/series b/debian/patches/series
index bfbbdc1..748fb04 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -29,3 +29,5 @@ ITS-8644-wait-for-slapd-to-start-in-test064.patch
 ITS-8655-paged-results-double-free.patch
 ITS-8385-Fix-use-after-free-with-GnuTLS.patch
 ITS-8432-fix-infinite-looping-mods-in-delta-mmr.patch
+ITS-8648-check-result-of-ldap_int_initialize-in-ldap.patch
+ITS-8648-init-SASL-library-in-global-init.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-openldap/openldap.git

More information about the Pkg-openldap-devel mailing list