Projects
openEuler:20.03:LTS:SP3
samba
_service:tar_scm_kernel_repo:backport-0003-CVE-...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm_kernel_repo:backport-0003-CVE-2020-25718-catch-potential-overflow-error.patch of Package samba
From 5e63f9c3c5e3d48e1aaf625649cb065c0dfae1df Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher <metze@samba.org> Date: Tue, 19 Jan 2021 16:53:55 +0100 Subject: [PATCH 004/284] CVE-2020-25718 pyldb: catch potential overflow error Conflict: NA Reference: https://git.samba.org/samba.git/?p=samba.git;a=patch;h=5e63f9c3c5e3d48e1aaf625649cb065c0dfae1df in py_timestring MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Pair-Programmed-With: Bj枚rn Baumbach <bb@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Bj枚rn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=14558 (cherry picked from commit 71e8b24b8a031de26b21539e36a60f459257d2fd) --- lib/ldb/common/ldb_msg.c | 1 + lib/ldb/pyldb.c | 7 +++++++ lib/ldb/tests/python/api.py | 19 +++++++++++++++++++ 3 files changed, 27 insertions(+) diff --git a/lib/ldb/common/ldb_msg.c b/lib/ldb/common/ldb_msg.c index 7131f013f71b..57dfc5a04c2b 100644 --- a/lib/ldb/common/ldb_msg.c +++ b/lib/ldb/common/ldb_msg.c @@ -1272,6 +1272,7 @@ char *ldb_timestring(TALLOC_CTX *mem_ctx, time_t t) if (r != 17) { talloc_free(ts); + errno = EOVERFLOW; return NULL; } diff --git a/lib/ldb/pyldb.c b/lib/ldb/pyldb.c index d093daedf5c7..257351b2bc45 100644 --- a/lib/ldb/pyldb.c +++ b/lib/ldb/pyldb.c @@ -4227,6 +4227,13 @@ static PyObject *py_timestring(PyObject *module, PyObject *args) if (!PyArg_ParseTuple(args, "l", &t_val)) return NULL; tresult = ldb_timestring(NULL, (time_t) t_val); + if (tresult == NULL) { + /* + * Most likely EOVERFLOW from gmtime() + */ + PyErr_SetFromErrno(PyExc_OSError); + return NULL; + } ret = PyUnicode_FromString(tresult); talloc_free(tresult); return ret; diff --git a/lib/ldb/tests/python/api.py b/lib/ldb/tests/python/api.py index 675b5859af8f..8d154aac6adf 100755 --- a/lib/ldb/tests/python/api.py +++ b/lib/ldb/tests/python/api.py @@ -5,10 +5,12 @@ import os from unittest import TestCase import sys +sys.path.insert(0, "bin/python") import gc import time import ldb import shutil +import errno PY3 = sys.version_info > (3, 0) @@ -42,10 +44,27 @@ class NoContextTests(TestCase): self.assertEqual("19700101000000.0Z", ldb.timestring(0)) self.assertEqual("20071119191012.0Z", ldb.timestring(1195499412)) + self.assertEqual("00000101000000.0Z", ldb.timestring(-62167219200)) + self.assertEqual("99991231235959.0Z", ldb.timestring(253402300799)) + + # should result with OSError EOVERFLOW from gmtime() + with self.assertRaises(OSError) as err: + ldb.timestring(-62167219201) + self.assertEqual(err.exception.errno, errno.EOVERFLOW) + with self.assertRaises(OSError) as err: + ldb.timestring(253402300800) + self.assertEqual(err.exception.errno, errno.EOVERFLOW) + with self.assertRaises(OSError) as err: + ldb.timestring(0x7fffffffffffffff) + self.assertEqual(err.exception.errno, errno.EOVERFLOW) + def test_string_to_time(self): self.assertEqual(0, ldb.string_to_time("19700101000000.0Z")) self.assertEqual(1195499412, ldb.string_to_time("20071119191012.0Z")) + self.assertEqual(-62167219200, ldb.string_to_time("00000101000000.0Z")) + self.assertEqual(253402300799, ldb.string_to_time("99991231235959.0Z")) + def test_binary_encode(self): encoded = ldb.binary_encode(b'test\\x') decoded = ldb.binary_decode(encoded) -- 2.25.1
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.