Blame SOURCES/0040-Ticket-49470-overflow-in-pblock_get.patch

b045b9
From 30fa0e4c993d4a91a90327329b50f02e637fe049 Mon Sep 17 00:00:00 2001
b045b9
From: William Brown <firstyear@redhat.com>
b045b9
Date: Tue, 28 Nov 2017 15:31:25 +0100
b045b9
Subject: [PATCH] Ticket 49470 - overflow in pblock_get
b045b9
b045b9
Bug Description:  While getting the connection id we used an int
b045b9
not a uint64_t
b045b9
b045b9
Fix Description:  Make the stack size uint64_t instead.
b045b9
b045b9
https://pagure.io/389-ds-base/issue/49470
b045b9
b045b9
Author: wibrown
b045b9
b045b9
Review by: tbordaz
b045b9
---
b045b9
 ldap/servers/slapd/modify.c | 5 +++--
b045b9
 ldap/servers/slapd/pblock.c | 4 ++--
b045b9
 ldap/servers/slapd/slap.h   | 2 +-
b045b9
 3 files changed, 6 insertions(+), 5 deletions(-)
b045b9
b045b9
diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
b045b9
index 6309975ae..0dcac646b 100644
b045b9
--- a/ldap/servers/slapd/modify.c
b045b9
+++ b/ldap/servers/slapd/modify.c
b045b9
@@ -281,11 +281,12 @@ do_modify(Slapi_PBlock *pb)
b045b9
 
b045b9
     if (ignored_some_mods && (0 == smods.num_elements)) {
b045b9
         if (pb_conn->c_isreplication_session) {
b045b9
-            int connid, opid;
b045b9
+            uint64_t connid;
b045b9
+            int32_t opid;
b045b9
             slapi_pblock_get(pb, SLAPI_CONN_ID, &connid);
b045b9
             slapi_pblock_get(pb, SLAPI_OPERATION_ID, &opid);
b045b9
             slapi_log_err(SLAPI_LOG_ERR, "do_modify",
b045b9
-                          "Rejecting replicated password policy operation(conn=%d op=%d) for "
b045b9
+                          "Rejecting replicated password policy operation(conn=%"PRIu64" op=%d) for "
b045b9
                           "entry %s.  To allow these changes to be accepted, set passwordIsGlobalPolicy to 'on' in "
b045b9
                           "cn=config.\n",
b045b9
                           connid, opid, rawdn);
b045b9
diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
b045b9
index 8f87de5b5..4514c3ce6 100644
b045b9
--- a/ldap/servers/slapd/pblock.c
b045b9
+++ b/ldap/servers/slapd/pblock.c
b045b9
@@ -412,7 +412,7 @@ slapi_pblock_get(Slapi_PBlock *pblock, int arg, void *value)
b045b9
                           "slapi_pblock_get", "Connection is NULL and hence cannot access SLAPI_CONN_ID \n");
b045b9
             return (-1);
b045b9
         }
b045b9
-        (*(PRUint64 *)value) = pblock->pb_conn->c_connid;
b045b9
+        (*(uint64_t *)value) = pblock->pb_conn->c_connid;
b045b9
         break;
b045b9
     case SLAPI_CONN_DN:
b045b9
         /*
b045b9
@@ -2538,7 +2538,7 @@ slapi_pblock_set(Slapi_PBlock *pblock, int arg, void *value)
b045b9
                           "slapi_pblock_set", "Connection is NULL and hence cannot access SLAPI_CONN_ID \n");
b045b9
             return (-1);
b045b9
         }
b045b9
-        pblock->pb_conn->c_connid = *((PRUint64 *)value);
b045b9
+        pblock->pb_conn->c_connid = *((uint64_t *)value);
b045b9
         break;
b045b9
     case SLAPI_CONN_DN:
b045b9
         /*
b045b9
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
b045b9
index 44632580a..830944f72 100644
b045b9
--- a/ldap/servers/slapd/slap.h
b045b9
+++ b/ldap/servers/slapd/slap.h
b045b9
@@ -1604,7 +1604,7 @@ typedef struct conn
b045b9
     int c_gettingber;                /* in the middle of ber_get_next  */
b045b9
     BerElement *c_currentber;        /* ber we're getting              */
b045b9
     time_t c_starttime;              /* when the connection was opened */
b045b9
-    PRUint64 c_connid;               /* id of this connection for stats*/
b045b9
+    uint64_t c_connid;               /* id of this connection for stats*/
b045b9
     PRUint64 c_maxthreadscount;      /* # of times a conn hit max threads */
b045b9
     PRUint64 c_maxthreadsblocked;    /* # of operations blocked by maxthreads */
b045b9
     int c_opsinitiated;              /* # ops initiated/next op id      */
b045b9
-- 
b045b9
2.13.6
b045b9