40cd75
From df5000efced2d00aa0fc6546fcf6fc7b02e27256 Mon Sep 17 00:00:00 2001
40cd75
From: Mark Reynolds <mreynolds@redhat.com>
40cd75
Date: Mon, 6 Nov 2017 22:30:55 -0500
40cd75
Subject: [PATCH] Ticket 49441 - Import crashes with large indexed binary 
40cd75
 attributes
40cd75
40cd75
Bug Description:  Importing an ldif file that contains entries with large
40cd75
                  binary attributes that are indexed crashes the server.
40cd75
                  The crash occurs when "encoding" the binary value to a
40cd75
                  string for debug logging, where we "underflow" the buffer
40cd75
                  space index which then allows the string buffer to overflow.
40cd75
40cd75
Fix Description:  While filling the string buffer with the encoded binary
40cd75
                  value we need to make sure that the buffer space is greater
40cd75
                  than zero before decrementing it.
40cd75
40cd75
                  Also check if trace logging is being used before we actually
40cd75
                  call the logging function which calls the "encoded" function
40cd75
                  first.  This way we avoid this costly "encoding" on every
40cd75
                  index call we make.
40cd75
40cd75
https://pagure.io/389-ds-base/issue/49441
40cd75
40cd75
Reviewed by: firstyear(Thanks!)
40cd75
---
40cd75
 ldap/servers/slapd/back-ldbm/index.c | 21 ++++++++++-----------
40cd75
 1 file changed, 10 insertions(+), 11 deletions(-)
40cd75
40cd75
diff --git a/ldap/servers/slapd/back-ldbm/index.c b/ldap/servers/slapd/back-ldbm/index.c
40cd75
index d4de28ca3..d62052a22 100644
40cd75
--- a/ldap/servers/slapd/back-ldbm/index.c
40cd75
+++ b/ldap/servers/slapd/back-ldbm/index.c
40cd75
@@ -808,7 +808,10 @@ encode (const struct berval* data, char buf[BUFSIZ])
40cd75
 		    bufSpace -= (s - first);
40cd75
 		}
40cd75
 		do {
40cd75
-		    *bufNext++ = '\\'; --bufSpace;
40cd75
+		    if (bufSpace) {
40cd75
+		        *bufNext++ = '\\';
40cd75
+		        --bufSpace;
40cd75
+		    }
40cd75
 		    if (bufSpace < 2) {
40cd75
 			memcpy (bufNext, "..", 2);
40cd75
 			bufNext += 2;
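Review bot: The `if (bufSpace < 2)` branch directly below the new guard still copies two bytes with `memcpy (bufNext, "..", 2)` even when `bufSpace` is 0 or 1, so the write stays in bounds only if slack was reserved when `bufSpace` was initialised. That initialisation is above the hunk, so this cannot be confirmed from here. The guard also relies on `bufSpace` being unsigned and on the earlier `bufSpace -= (s - first)` never subtracting more than remains. I would record the invariant next to the guard, for example `/* bufSpace excludes the bytes reserved for the ".." marker and the terminator; once it reaches 0 only the marker may still be written */`, after checking that it matches the initial value. encode's body starts and ends outside this hunk.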
40cd75
@@ -903,8 +906,10 @@ index_read_ext_allids(
40cd75
 		slapi_log_err(SLAPI_LOG_ERR, "index_read_ext_allids", "NULL prefix\n");
40cd75
 		return NULL;
40cd75
 	}
40cd75
-	slapi_log_err(SLAPI_LOG_TRACE, "index_read_ext_allids", "=> ( \"%s\" %s \"%s\" )\n",
40cd75
-		   type, prefix, encode (val, buf));
40cd75
+	if (slapi_is_loglevel_set(LDAP_DEBUG_TRACE)) {
40cd75
+	    slapi_log_err(SLAPI_LOG_TRACE, "index_read_ext_allids", "=> ( \"%s\" %s \"%s\" )\n",
40cd75
+	                  type, prefix, encode (val, buf));
40cd75
+	}
40cd75
 
40cd75
 	basetype = typebuf;
40cd75
 	if ( (basetmp = slapi_attr_basetype( type, typebuf, sizeof(typebuf) ))
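Review bot: The new guard names the level as `LDAP_DEBUG_TRACE`, while the call it protects logs at `SLAPI_LOG_TRACE`; the same pairing recurs in the addordel_values and addordel_values_sv hunks. The definition of `slapi_is_loglevel_set` is not visible here, but if it expects the `SLAPI_LOG_*` numbering, the guard works only while the two constants happen to share a value. If they ever diverge, `encode (val, buf)` would either be skipped while trace logging is on or run on every index read. Using the same constant in both places removes the doubt: `if (slapi_is_loglevel_set(SLAPI_LOG_TRACE)) {`. index_read_ext_allids continues outside the hunk.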
40cd75
@@ -1737,16 +1742,13 @@ addordel_values(
40cd75
                  */
40cd75
 		key.flags = DB_DBT_USERMEM;
40cd75
                 key.ulen = tmpbuflen;
40cd75
-#ifdef LDAP_ERROR_LOGGING
40cd75
-		/* XXX if ( slapd_ldap_debug & LDAP_DEBUG_TRACE )  XXX */
40cd75
-		{
40cd75
+        if (slapi_is_loglevel_set(LDAP_DEBUG_TRACE)) {
40cd75
 			char encbuf[BUFSIZ];
40cd75
 
40cd75
 			slapi_log_err(SLAPI_LOG_TRACE, "addordel_values", "%s_value(\"%s\")\n",
40cd75
 				   (flags & BE_INDEX_ADD) ? "add" : "del",
40cd75
 				   encoded (&key, encbuf));
40cd75
 		}
40cd75
-#endif
40cd75
 
40cd75
 		if (NULL != txn) {
40cd75
 			db_txn = txn->back_txn_txn;
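Review bot: The added `if (slapi_is_loglevel_set(LDAP_DEBUG_TRACE)) {` line is indented with spaces, while the block it opens and its closing brace are tab-indented, so in addordel_values the guard no longer lines up with its body; it should use the surrounding tab indentation. With the `#ifdef LDAP_ERROR_LOGGING` removed, this path is compiled into every build, and `encoded (&key, encbuf)` runs on imported key bytes whenever trace logging is enabled. The call passes no length, so the `BUFSIZ` size of `encbuf` is an unstated contract with the encoder. Presumably `encoded` shares the `char buf[BUFSIZ]` signature shown for `encode`, which is worth confirming. A one-line comment on the declaration would record it, for example `/* must be BUFSIZ: encoded() takes no length argument */`. The enclosing function starts and ends outside the hunk.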
40cd75
@@ -1907,16 +1909,13 @@ addordel_values_sv(
40cd75
          */
40cd75
         key.flags = DB_DBT_USERMEM;
40cd75
         key.ulen = tmpbuflen;
40cd75
-#ifdef LDAP_ERROR_LOGGING
40cd75
-        /* XXX if ( slapd_ldap_debug & LDAP_DEBUG_TRACE )  XXX */
40cd75
-        {
40cd75
+        if (slapi_is_loglevel_set(LDAP_DEBUG_TRACE)) {
40cd75
             char encbuf[BUFSIZ];
40cd75
 
40cd75
             slapi_log_err(SLAPI_LOG_TRACE, "addordel_values_sv", "%s_value(\"%s\")\n",
40cd75
                        (flags & BE_INDEX_ADD) ? "add" : "del",
40cd75
                        encoded (&key, encbuf));
40cd75
         }
40cd75
-#endif
40cd75
 
40cd75
         if (NULL != txn) {
40cd75
             db_txn = txn->back_txn_txn;
40cd75
-- 
40cd75
2.13.6
40cd75