mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00
samba-mirror/lib/ldb/common
Douglas Bagnall e21251926b ldb:attrib_handlers: reduce non-transitive behaviour in ldb_comparison_fold
If two strings are invalid UTF-8, the string is first compared with
memcmp(), which compares as unsigned char.

If the strings are of different lengths and one is a substring of the
other, the memcmp() returns 0 and a second comparison is made which
assumes the next character in the shorter string is '\0' -- but this
comparison was done using SIGNED chars (on most systems). That leads
to non-transitive comparisons.

Consider the strings {"a\xff", "a", "ab\xff"} under that system.

   "a\xff"  < "a",      because (char)0xff == -1.

   "ab\xff" > "a",     because  'b' == 98.

   "ab\xff" < "a\xff", because memcmp("ab\xff", "a\xff", 2) avoiding the
                       signed char tiebreaker.

(Before c49c48afe0, the final character
might be arbitrarily cast into another character -- in latin-1, for
example, the 0xff here would have been seen as 'ÿ', which would be
uppercased to 'Ÿ', which is U+0178, which would be truncated to
'\x78', a positive char.

On the other hand e.g. 0xfe, 'þ', would have mapped to 0xde, 'Þ',
remaining negative).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit e2051eebd4)
2024-06-10 13:24:17 +00:00
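
The ordering cycle described in the commit message above, reproduced as an added example (not code from the Samba tree or from the commit's author). It is a simplified model of the memcmp()-then-tiebreak shape only; the function names and the `as_signed` switch are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the tiebreak in the commit message, not the ldb source.
 * All function names here are hypothetical. */
typedef int (*cmp_fn)(const char *, size_t, const char *, size_t);

static int sign(int x) { return (x > 0) - (x < 0); }

/* memcmp() over the common prefix; if one string is a prefix of the other,
 * compare the longer string's next byte against '\0'. */
static int cmp_model(const char *a, size_t la, const char *b, size_t lb,
                     int as_signed)
{
    size_t n = la < lb ? la : lb;
    int r = memcmp(a, b, n);                /* compares as unsigned char */
    if (r != 0 || la == lb) return sign(r);
    const char *longer = la > lb ? a : b;
    int next = as_signed ? (signed char)longer[n] : (unsigned char)longer[n];
    return la > lb ? sign(next) : -sign(next);
}

int cmp_signed_tiebreak(const char *a, size_t la, const char *b, size_t lb)
{ return cmp_model(a, la, b, lb, 1); }      /* behaviour before the fix */

int cmp_unsigned_tiebreak(const char *a, size_t la, const char *b, size_t lb)
{ return cmp_model(a, la, b, lb, 0); }      /* tiebreak consistent with memcmp */

/* Constructed sample: the three strings named in the commit message. */
static const char *const samples[] = { "a\xff", "a", "ab\xff" };
#define NSAMPLES 3

/* Count ordered triples with x < y and y < z but not x < z. */
int count_violations(cmp_fn cmp)
{
    int bad = 0;
    for (int i = 0; i < NSAMPLES; i++)
        for (int j = 0; j < NSAMPLES; j++)
            for (int k = 0; k < NSAMPLES; k++) {
                const char *x = samples[i], *y = samples[j], *z = samples[k];
                if (cmp(x, strlen(x), y, strlen(y)) < 0 &&
                    cmp(y, strlen(y), z, strlen(z)) < 0 &&
                    cmp(x, strlen(x), z, strlen(z)) >= 0)
                    bad++;
            }
    return bad;
}

int main(void)
{
    printf("signed:   %d violations\n", count_violations(cmp_signed_tiebreak));
    printf("unsigned: %d violations\n", count_violations(cmp_unsigned_tiebreak));
    return 0;
}
```

A comparator that fails this check is unsafe to hand to a sort or binary search, since the resulting order depends on which pairs happen to be compared.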
..
attrib_handlers.c ldb:attrib_handlers: reduce non-transitive behaviour in ldb_comparison_fold 2024-06-10 13:24:17 +00:00
ldb_attributes.c ldb_tdb: Read from @INDEXLIST or an override if we are using a GUID index 2017-09-22 21:20:23 +02:00
ldb_controls.c lib:ldb: Fix typo 2023-03-03 01:07:36 +00:00
ldb_debug.c lib/ldb: Do not vasprintf() the tevent debug messages that will not be shown 2012-08-09 20:14:23 +10:00
ldb_dn.c ldb: avoid NULL deref in ldb_db_compare 2024-06-10 13:24:17 +00:00
ldb_ldif.c lib:ldb: do not offset against NULL pointer in ldb_ldif_read() 2023-05-09 01:59:32 +00:00
ldb_match.c CVE-2023-0614 ldb: Filter on search base before redacting message 2023-04-05 02:10:35 +00:00
ldb_modules.c ldb: Fix code spelling 2023-10-25 22:23:37 +00:00
ldb_msg.c ldb: reduce non-transitive comparisons in ldb_msg_element_compare() 2024-06-10 13:24:16 +00:00
ldb_options.c ldb: Add new internal helper function ldb_options_get() 2019-07-04 10:02:23 +00:00
ldb_pack.c ldb: Avoid undefined pointer arithmetic 2023-04-12 13:52:31 +00:00
ldb_parse.c ldb: Use correct member of union 2023-04-05 02:10:35 +00:00
ldb_utf8.c lib:ldb: Use ldb_ascii_toupper() for case folding 2022-12-23 13:23:29 +00:00
ldb.c ldb: Fix code spelling 2023-09-11 02:42:41 +00:00
qsort.c ldb: avoid out of bounds read and write in ldb_qsort() 2024-06-10 13:24:16 +00:00