!37 [sync] PR-35: Do not pass non–null‐terminated strings to strcmp()

From: @openeuler-sync-bot 
Reviewed-by: @hubin95 
Signed-off-by: @hubin95
openeuler-ci-bot 2024-05-09 06:03:57 +00:00 committed by Gitee
commit 217282a611
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 49 additions and 1 deletions


@ -0,0 +1,40 @@
From 757cd49b8445f22c2c19380e948e7aba5a76399a Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Fri, 6 Oct 2023 13:54:02 +1300
Subject: [PATCH] =?UTF-8?q?tdb:=20Do=20not=20pass=20non=E2=80=93null?=
=?UTF-8?q?=E2=80=90terminated=20strings=20to=20strcmp()=20(CID=201449485)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reference:https://github.com/samba-team/samba/commit/757cd49b8445f22c2c19380e948e7aba5a76399a
Conflict:NA
---
common/open.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/common/open.c b/common/open.c
index f7f65b0..4e138c6 100644
--- a/common/open.c
+++ b/common/open.c
@@ -513,7 +513,13 @@ _PUBLIC_ struct tdb_context *tdb_open_ex(const char *name, int hash_size, int td
errno = 0;
if (read(tdb->fd, &header, sizeof(header)) != sizeof(header)
- || strcmp(header.magic_food, TDB_MAGIC_FOOD) != 0) {
+ /*
+ * Call strncmp() rather than strcmp() in case header.magic_food is
+ * not zeroterminated. Were still checking the full string for
+ * equality, as tdb_header::magic_food is larger than
+ * TDB_MAGIC_FOOD.
+ */
+ || strncmp(header.magic_food, TDB_MAGIC_FOOD, sizeof(header.magic_food)) != 0) {
if (!(open_flags & O_CREAT) ||
tdb_new_database(tdb, &header, hash_size) == -1) {
if (errno == 0) {
--
2.33.0
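Review bot: in the tdb_open_ex() magic check, the new strncmp() call is a full-equality test only while header.magic_food is at least as large as TDB_MAGIC_FOOD including its terminator, and that size relation is stated in the comment but not enforced anywhere in the hunk. If the literal ever outgrew the array, the bounded compare would match on a truncated prefix without any error. Consider backing the comment with a compile-time assertion that sizeof(TDB_MAGIC_FOOD) <= sizeof(header.magic_food), so a violated assumption breaks the build rather than weakening the header validation.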


@ -1,11 +1,13 @@
Name: libtdb
Version: 1.4.9
Release: 1
Release: 2
Summary: The Tdb library
License: LGPLv3+
URL: http://tdb.samba.org/
Source: http://samba.org/ftp/tdb/tdb-%{version}.tar.gz
Patch6000: backport-tdb-Do-not-pass-non-null-terminated-strings-to-strcm.patch
BuildRequires: gcc libxslt docbook-style-xsl
BuildRequires: python3-devel
Provides: bundled(libreplace)
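Review bot: the Patch6000 line is added to the preamble, but nothing in this diff touches %prep, so it is not visible here whether the patch is actually applied at build time. Please confirm that %prep applies numbered patches automatically (for example via %autosetup -p1). If it uses explicit %patch lines, one for Patch6000 is missing and 1.4.9-2 would ship without the strncmp() change.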
@ -87,6 +89,12 @@ make %{?_smp_mflags} check
%ldconfig_scriptlets
%changelog
* Wed May 08 2024 wangjiang <wangjiang37@h-partners.com> - 1.4.9-2
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:tdb: Do not pass nonnullterminated strings to strcmp()
* Thu Aug 17 2023 dillon chen <dillon.chen@gmail.com> - 1.4.9-1
- upgrade version to 1.4.9
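Review bot: the DESC line of the new 1.4.9-2 changelog entry reads "nonnullterminated", which suggests the upstream subject's Unicode dashes were copied in and do not survive rendering. Write it with ASCII hyphens ("non-null-terminated"), as the Patch6000 file name already does. The entry also drops the Coverity reference (CID 1449485) that the upstream subject carries. Since CVE is NA, keeping that ID in DESC would tell readers where the bugfix came from.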