mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
samba-mirror/lib
Douglas Bagnall e21251926b ldb:attrib_handlers: reduce non-transitive behaviour in ldb_comparison_fold
If two strings are invalid UTF-8, the string is first compared with
memcmp(), which compares as unsigned char.

If the strings are of different lengths and one is a substring of the
other, the memcmp() returns 0 and a second comparison is made which
assumes the next character in the shorter string is '\0' -- but this
comparison was done using SIGNED chars (on most systems). That leads
to non-transitive comparisons.

Consider the strings {"a\xff", "a", "ab\xff"} under that system.

   "a\xff"  < "a",      because (char)0xff == -1.

   "ab\xff" > "a",     because  'b' == 98.

   "ab\xff" < "a\xff", because memcmp("ab\xff", "a\xff", 2) avoiding the
                       signed char tiebreaker.

(Before c49c48afe0, the final character
might be arbitrarily cast into another character -- in latin-1, for
example, the 0xff here would have been seen as 'ÿ', which would be
uppercased to 'Ÿ', which is U+0178, which would be truncated to
'\x78', a positive char.

On the other hand e.g. 0xfe, 'þ', would have mapped to 0xde, 'Þ',
remaining negative).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit e2051eebd4)
2024-06-10 13:24:17 +00:00
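
The ordering cycle described in the commit message above, reproduced as an added example (not Samba's code and not part of the commit). `cmp_model()` is a hypothetical, simplified model of the invalid-UTF-8 fallback path only: memcmp() over the common prefix, then a tiebreak on the longer string's next byte, read either as signed (old behaviour) or unsigned (fixed behaviour).

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample set: the three strings from the commit message. */
static const char *samples[] = { "a\xff", "a", "ab\xff" };
#define NSAMPLES (sizeof(samples) / sizeof(samples[0]))

/*
 * Hypothetical model of the fallback comparison: memcmp() over the common
 * prefix, then the longer string's next byte against the shorter string's
 * implicit '\0'. signed_tiebreak selects the signed or unsigned reading.
 */
static int cmp_model(const char *a, const char *b, int signed_tiebreak)
{
    size_t la = strlen(a), lb = strlen(b);
    size_t n = la < lb ? la : lb;
    int r = memcmp(a, b, n);    /* always compares as unsigned char */
    int next;

    if (r != 0 || la == lb) {
        return r;
    }
    /* One string is a prefix of the other: take the first extra byte. */
    next = (unsigned char)(la > lb ? a[n] : b[n]);
    if (signed_tiebreak && next > 127) {
        next -= 256;            /* signed char view: 0xff becomes -1 */
    }
    return la > lb ? next : -next;
}

/* Count ordered triples with x < y and y < z but not x < z. */
static int count_intransitive_triples(int signed_tiebreak)
{
    int count = 0;
    for (size_t i = 0; i < NSAMPLES; i++)
        for (size_t j = 0; j < NSAMPLES; j++)
            for (size_t k = 0; k < NSAMPLES; k++)
                if (cmp_model(samples[i], samples[j], signed_tiebreak) < 0 &&
                    cmp_model(samples[j], samples[k], signed_tiebreak) < 0 &&
                    cmp_model(samples[i], samples[k], signed_tiebreak) >= 0)
                    count++;
    return count;
}

int main(void)
{
    printf("signed tiebreak:   %d intransitive triples\n", count_intransitive_triples(1));
    printf("unsigned tiebreak: %d intransitive triples\n", count_intransitive_triples(0));
    return 0;
}
```

With the signed tiebreak the three strings form a cycle, so a sort or binary search built on the comparison has no consistent order to rely on; with the unsigned tiebreak they order as "a" < "ab\xff" < "a\xff".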
addns lib:addns: Don’t call memcpy() with a NULL pointer 2023-05-05 02:54:31 +00:00
afs auth: Make more liberal use of SID index constants 2023-02-08 00:03:39 +00:00
async_req lib/async_req: let writev_send/recv use TEVENT_FD_ERROR 2023-10-24 09:36:37 +00:00
audit_logging lib:audit_logging: Initialize ‘tm’ structure 2023-09-27 02:43:28 +00:00
cmdline lib:cmdline: Fix code spelling 2023-12-21 20:21:34 +00:00
compression Use python.h from libreplace 2023-11-20 15:37:33 +00:00
crypto lib:crypto: Add tests for GKDI key derivation 2023-12-22 06:31:29 +00:00
dbwrap dbwrap: Simplify dbwrap_change_int32_atomic_action() 2023-08-14 19:53:37 +00:00
fuzzing lib/fuzzing/decode_ndr_X_crash: guess the pipe from filename 2024-06-10 13:24:16 +00:00
krb5_wrap Do not fail checksums for RFC8009 types 2024-04-16 12:24:55 +00:00
ldb ldb:attrib_handlers: reduce non-transitive behaviour in ldb_comparison_fold 2024-06-10 13:24:17 +00:00
ldb-samba ldb-samba:ldif_handlers: dn_link_comparison: sort invalid DNs 2024-06-10 13:24:17 +00:00
messaging lib:messaging: Fix code spelling 2023-04-11 09:06:36 +00:00
mscat lib:mscat: Remove unnecessary casts 2023-09-14 21:35:28 +00:00
param VERSION: move COPYRIGHT_STARTUP_MESSAGE as SAMBA_COPYRIGHT_STRING into version.h 2023-12-15 10:44:42 +00:00
printer_driver lib:printer_driver: Check return value of gp_inifile_enum_section() (CID 1444835) 2023-10-13 02:18:30 +00:00
pthreadpool lib:pthreadpool: Fix code spelling 2023-04-11 09:06:36 +00:00
replace lib:replace: Add python.h 2023-11-20 15:37:33 +00:00
smbconf Use python.h from libreplace 2023-11-20 15:37:33 +00:00
socket lib/socket: rearrange iface_comp() to use NUMERIC_CMP 2024-06-10 13:24:16 +00:00
talloc talloc: release 2.4.2 2024-01-29 14:39:32 +00:00
tdb tdb: release 1.4.10 2024-01-29 14:39:32 +00:00
tdb_wrap lib: Open tdb files with O_CLOEXEC 2021-06-04 16:47:34 +00:00
tdr util/charset: Rename utf16_len_n() to utf16_null_terminated_len_n() 2023-11-15 22:07:36 +00:00
tevent tevent: release 0.16.1 2024-01-29 14:39:32 +00:00
texpect texpect: don't ignore unknown options 2021-09-10 15:10:30 +00:00
torture lib/torture: add assert_int_{less,greater} macros 2024-06-10 13:24:16 +00:00
tsocket lib/tsocket: add tstream_bsd_fail_readv_first_error() 2023-10-24 09:36:37 +00:00
util util:datablob: avoid non-transitive comparison in data_blob_cmp() 2024-06-10 13:24:16 +00:00
README various: Remove references to about to be deleted thirdparty/dnspython 2018-12-11 20:07:18 +01:00
wscript_build

compression - Various compression algorithms (MSZIP, lzxpress)
popt - Command-line option parsing library
replace - Provides replacements for standard (POSIX, C99) functions 
          not provided by the host platform.
subunit - Utilities and bindings for working with the Subunit test result 
          reporting protocol.
talloc - Hierarchical pool based memory allocator 
tdb - Simple but fast key/value database library, supporting multiple writers
torture - Simple unit testing helper library