Hello community,

here is the log from the commit of package nss_ldap for openSUSE:Factory 
checked in at 2011-10-28 19:38:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/nss_ldap (Old)
 and      /work/SRC/openSUSE:Factory/.nss_ldap.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "nss_ldap", Maintainer is "rha...@suse.com"

Changes:
--------
--- /work/SRC/openSUSE:Factory/nss_ldap/nss_ldap.changes        2011-09-23 
02:14:49.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.nss_ldap.new/nss_ldap.changes   2011-10-28 
19:59:32.000000000 +0200
@@ -1,0 +2,6 @@
+Fri Oct 28 10:19:49 UTC 2011 - rha...@suse.de
+
+- Entries with invalid (or too large) uidNumber/gidNumber attributes
+  could crash nss_ldap (bnc#726393)
+
+-------------------------------------------------------------------

New:
----
  nss_ldap-getent-skip-invalid-uidgidnumber.dif

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ nss_ldap.spec ++++++
--- /var/tmp/diff_new_pack.Z5SO5G/_old  2011-10-28 19:59:55.000000000 +0200
+++ /var/tmp/diff_new_pack.Z5SO5G/_new  2011-10-28 19:59:55.000000000 +0200
@@ -40,6 +40,7 @@
 Patch1:         group-utf8.dif
 Patch2:         nss_ldap-ldapconn-leak-bug418.dif
 Patch3:         nss_ldap-getent-retry.dif
+Patch4:         nss_ldap-getent-skip-invalid-uidgidnumber.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -60,6 +61,7 @@
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 cp -v %{S:1} .
 
 %build

++++++ nss_ldap-getent-skip-invalid-uidgidnumber.dif ++++++
Index: nss_ldap-265/ldap-pwd.c
===================================================================
--- nss_ldap-265.orig/ldap-pwd.c
+++ nss_ldap-265/ldap-pwd.c
@@ -121,7 +121,17 @@ _nss_ldap_parse_pw (LDAPMessage * e,
   stat =
     _nss_ldap_assign_attrval (e, AT (uidNumber), &uid, &tmp, &tmplen);
   if (stat != NSS_SUCCESS)
-    return stat;
+    {
+      /*
+       * uidNumber is to large to fit into the fixed size tmpbuf buffer,
+       * handle this as if it was a Schema violation to skip this entry,
+       * such large ids aren't valid
+       */
+      if ( stat == NSS_TRYAGAIN )
+       stat = NSS_NOTFOUND;
+      return stat;
+    }
+
   if (*uid == '\0')
     pw->pw_uid = UID_NOBODY;
   else
@@ -138,7 +148,16 @@ _nss_ldap_parse_pw (LDAPMessage * e,
     _nss_ldap_assign_attrval (e, ATM (LM_PASSWD, gidNumber), &gid, &tmp,
                               &tmplen);
   if (stat != NSS_SUCCESS)
-    return stat;
+    {
+      /*
+       * gidNumber is to large to fit into the fixed size tmpbuf buffer,
+       * handle this as if it was a Schema violation to skip this entry,
+       * such large ids aren't valid
+       */
+      if ( stat == NSS_TRYAGAIN )
+       stat = NSS_NOTFOUND;
+      return stat;
+    }
   if (*gid == '\0')
     pw->pw_gid = GID_NOBODY;
   else
-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

Reply via email to