IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Limit the number of nested conditionals allowed by ldb_parse tree to
128, to avoid potential stack overflow issues.
Credit Oss-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19508
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Sun May 10 23:21:08 UTC 2020 on sn-devel-184
We want to keep going down the module stack, and not start from the top again.
ASQ is above the ACL modules, but below paged_results and we do not wish to
re-trigger that work.
Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding,
reporting and working with us to diagnose this issue!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Initilalise "stale" to zero before passing a pointer to it to
mdb_reader_check.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 7 12:29:00 UTC 2020 on sn-devel-184
In use process failures and Bind9 shut downs leave stale entries in the
lmdb reader table. This can result in lmdb filling it's database file, as
the free list can not be reclaimed due to the stale reader.
In this fix we call mdb_reader_check at the start of each transaction,
to free any stale readers. As the default maximum number of readers is
127, this should not impact on performance to any great extent.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14330
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Mar 31 01:26:07 UTC 2020 on sn-devel-184
Fix indentation of list members and fix lines > 79 characters to remove
PEP8 warnings.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add cmocka tests to confirm lmdb's handling of the free list.
As a result of lmdb's MVCC (Multiversion Concurrency Control) long
running read transactions or stale readers (read transactions where the
process exited without ending the transaction) can cause the database to
run out of space.
Items in the free list are only reused when they would not be visible in
a read transaction. So long running read transactions prevent entries
in the free list being reused, and the database can run out of space.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
ldb* tools, when passed a raw filename assume tdb://
By default, ldb_tdb will call tdb with O_CREAT.
TDB, when passed O_CREAT and a not-tdb file, will wipe the file.
This means that if you run ldbedit <path to mdb-format-ldb file> the file
will be wiped, which is unexpected. I noticed this while trying to
corrupt a sam.ldb backend file (for testing), but instead I wiped it!
Ideally tdb would not do that, but the behaviour has been this way for
decades. Ideally ldb would have had a "create db" command, but this
has been the job of ldbadd for over a decade.
So this just blunts the knife for ldbedit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14302
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This avoids using "ldb" as the memory context in most cases, and may avoid
a long-term memory leak if future changes cause dn_key not to be freed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14299
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
We avoid bare if conditions in Samba.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14299
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
We need to ensure we TALLOC_FREE(tmp_ctx) in every error exit.
Reported by Alex Kolesnik, ABISoft Ltd., www.abisoft.biz. Thanks!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14299
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb 26 23:11:39 UTC 2020 on sn-devel-184
* Bug 14270:
Samba 4.11 and later give incorrect results for SCOPE_ONE searches
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Tue Feb 25 12:59:02 UTC 2020 on sn-devel-184
This changes the LDB behaviour in the combination of a SCOPE_ONE search and
an index returning less than 10 results.
After b6b5b5fe355fee2a4096e9214831cb88c7a2a4c6 the list->strict flag
became set to false in all cases, rather than being left to the
value set by the caller.
This changes the ldb_kv_index_dn_one() code to force strict
mode on success instead.
Thanks to Marcus Granér, ICEYE Oy for reporting.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14270
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
TALLOC_FREE the ldb_control allocated in ldb_parse_control_from_string
when none of the cases match.
Credit to OSS-Fuzz
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: David Disseldorp <ddiss@samba.org>
This fix the following build failures:
[2466/3864] Linking bin/default/lib/ldb/ldbmodify
In file included from /home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/lib/gcc/mips64el-buildroot-linux-uclibc/5.5.0/include/stdint.h:9:0,
from ../../lib/tevent/tevent.h:31,
from ../../lib/ldb/include/ldb.h:51,
from ../../lib/ldb/tests/test_ldb_dn.c:25:
/home/buildroot/autobuild/instance-0/output-1/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/stdint.h:122:27: error: conflicting types for 'uintptr_t'
typedef unsigned long int uintptr_t;
^
In file included from ../../lib/ldb/tests/test_ldb_dn.c:23:0:
/home/buildroot/autobuild/instance-0/output-1/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/cmocka.h:132:28: note: previous declaration of 'uintptr_t' was here
typedef unsigned int uintptr_t;
^
In file included from /home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/lib/gcc/mips64el-buildroot-linux-uclibc/5.5.0/include/stdint.h:9:0,
from ../../lib/tevent/tevent.h:31,
from ../../lib/ldb/tests/ldb_key_value_test.c:48:
/home/buildroot/autobuild/instance-0/output-1/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/stdint.h:122:27: error: conflicting types for 'uintptr_t'
typedef unsigned long int uintptr_t;
^
In file included from ../../lib/ldb/tests/ldb_key_value_test.c:43:0:
/home/buildroot/autobuild/instance-0/output-1/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/cmocka.h:132:28: note: previous declaration of 'uintptr_t' was here
typedef unsigned int uintptr_t;
^
Fixes:
- http://autobuild.buildroot.org/results/9507739b3d5d51024ee9c60b74c2f85d5004e7e2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14218
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Fix ASAN detected use after free. No security implications as the
talloc_free is followed immediately by the print statement and the value
printed is an integer
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Dec 6 11:13:24 UTC 2019 on sn-devel-184
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Dec 5 17:13:36 UTC 2019 on sn-devel-184
We are setting ldb_debug_string() as the ldb debug function. The context
we give it is only valid as long as we're in that function.
On failure, we jump to the teardown function. The pointer for
debug_string isn't valid anymore, but the ldb debug system still points
to that address, and when we store the location of the allocated string,
we overwrite memory, in that case something from talloc and a
talloc_free() then jumps into the nirvana.
Thanks to Florian Weimer who helped debugging this.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
The print functions used in Samba NULL terminate, but do not assume they will
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This is beyond the normal level of clarity we expect in Samba, and is of course
rudundent, but this is a complex routine that has confusing tests, some of
pointers and some of boolean state values.
This tries to make the code as clear as possible pending a more comprehensive
rewrite.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 27 01:16:33 UTC 2019 on sn-devel-184
This is a macro that sets the pointer to NULL after the talloc_free()
and is part of our standard coding practices.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Thankfully this only fails if the DB is corrupt and has a duplicate record.
The test was at the wrong end of the loop, and was for the
wrong boundary condition. A write after the end of the array would
occour before the condition was hit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13695
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Fix the lmdb size test which ensures that databases > 4GiB can be
written by the lmdb backend. This test is not run as part of the normal
CI run as it exhausts the available disk on the test runners.
It was broken by changes to LDB allowing the lmdb map size to be
specified, and requiring GUID indexing by default.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The msg for each database record is allocated on the module context, but
never freed. The module seems like it could be a long-running context (as
the database would normally get repacked by the samba executable).
Even if it's not a proper leak, it shouldn't hurt to cleanup the memory.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Aug 20 04:57:10 UTC 2019 on sn-devel-184
Firstly, with Samba AD this looks a little weird because we log the same
message 5 times (once for every partition). If we log that we're doing
this to records in different partitions, hopefully someone with a little
Samba knowledge can figure out what's going on.
Secondly, the info about what partitions are actually changing might be
useful. E.g. if we hit a fatal error repacking the 3rd partition, and
the transaction doesn't abort properly, then it would be useful to know
what partitions were repacked and which ones weren't.
There doesn't appear to be a useful name for the partition
(ldb_kv->kv_ops->name() doesn't seem any more intelligible to a user),
so just log the first record that we update. We can use that to infer
the partition database).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
The "format 0x26011968" log confused me (and I'm a developer).
We can subtract the base offset from the pack format to get a more
user-friendly number, e.g. v0 (not actually used), v1, v2, etc.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
The main reason is so that any future pack formats will continue
incrementing this number in a sequential fashion.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Store it on the repack context so that we can log a more informative
message "Repacking from format x to format y".
While this is not really a big deal currently, it could be worth
recording for potential future scenarios (i.e. supporting three or more
pack versions), where upgrades could potentially skip an intermediary
pack format version.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
