openldap-bugs January 2015

openldap-bugs@openldap.org

22 participants
114 discussions

Re: (ITS#8012) SIGSEGV while disconnect/abandon
by hyc＠symas.com 03 Jan '15

03 Jan '15

Leonid Yuriev wrote: > Patch update: > > Detaching a syncops record from op-list CONDITIONALLY, only when it > was freed by syncprov_free_syncop. > The syncprov_drop_psearch() and syncprov_drop_psearch() now returns > a flag, which is nonzero if the given syncops was freed. Thanks, applied to master. > > Leonid. > > 29.12.2014 13:50, Leonid Yuriev ïèøåò: >> Please review attached patch and merge-in. >> >> Leonid. >> >> --- >> >> The attached files is derived from OpenLDAP Software. All of the >> modifications >> to OpenLDAP Software represented in the following patch(es) were >> developed by >> Peter-Service LLC, Moscow, Russia. Peter-Service LLC has not assigned >> rights >> and/or interest in this work to any party. I, Leonid Yuriev am >> authorized by >> Peter-Service LLC, my employer, to release this work under the >> following terms. >> >> Peter-Service LLC hereby places the following modifications to >> OpenLDAP Software >> (and only these modifications) into the public domain. Hence, these >> modifications may be freely used and/or redistributed for any purpose >> with or without attribution and/or other notice. >> > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#8013) SIGSEGV in test_filter()
by hyc＠symas.com 03 Jan '15

03 Jan '15

hyc(a)symas.com wrote: > Leonid Yuriev wrote: >> >> 04.01.2015 02:47, Howard Chu wrote: >>> The patch is wrong. syncprov_matchops can be called twice for the same >>> operation; toggling the flag where you've placed it means the filter >>> will be incorrect on the 2nd invocation as well as on all subsequent >>> invocations. >> >> Ok, but found another case. >> The ss->s_op->ors_filter may be updated immediately after the s_mutex >> released. > > Seems like the simpler fix then is to keep the mutex held until after > test_filter finishes. Fixed in master. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#8013) SIGSEGV in test_filter()
by hyc＠symas.com 03 Jan '15

03 Jan '15

Leonid Yuriev wrote: > > 04.01.2015 02:47, Howard Chu wrote: >> The patch is wrong. syncprov_matchops can be called twice for the same >> operation; toggling the flag where you've placed it means the filter >> will be incorrect on the 2nd invocation as well as on all subsequent >> invocations. > > Ok, but found another case. > The ss->s_op->ors_filter may be updated immediately after the s_mutex > released. Seems like the simpler fix then is to keep the mutex held until after test_filter finishes. > > This is a simple change for reproducing the bug. > > diff --git a/servers/slapd/overlays/syncprov.c > b/servers/slapd/overlays/syncprov.c > index 5ef2eaa..f579faa 100644 > --- a/servers/slapd/overlays/syncprov.c > +++ b/servers/slapd/overlays/syncprov.c > @@ -1295,6 +1295,7 @@ syncprov_matchops( Operation *op, opcookie *opc, > int saveit ) > } > > if ( fc.fscope ) { > + Filter *paranoia; > ldap_pvt_thread_mutex_lock( &ss->s_mutex ); > op2 = *ss->s_op; > oh = *op->o_hdr; > @@ -1304,6 +1305,7 @@ syncprov_matchops( Operation *op, opcookie *opc, > int saveit ) > op2.o_hdr = &oh; > op2.o_extra = op->o_extra; > op2.o_callback = NULL; > + paranoia = ss->s_op->ors_filter; > if (ss->s_flags & PS_FIX_FILTER) { > /* Skip the AND/GE clause that we stuck on in front. We > would lose deletes/mods that happen during the refresh > @@ -1311,7 +1313,11 @@ syncprov_matchops( Operation *op, opcookie *opc, > int saveit ) > op2.ors_filter = ss->s_op->ors_filter->f_and->f_next; > } > ldap_pvt_thread_mutex_unlock( &ss->s_mutex ); > + assert (paranoia == ss->s_op->ors_filter || paranoia == > ss->s_op->ors_filter->f_and->f_next); > + usleep(1000); > + assert (paranoia == ss->s_op->ors_filter || paranoia == > ss->s_op->ors_filter->f_and->f_next); > rc = test_filter( &op2, e, op2.ors_filter ); > + assert (paranoia == ss->s_op->ors_filter || paranoia == > ss->s_op->ors_filter->f_and->f_next); > } > > Debug( LDAP_DEBUG_TRACE, "syncprov_matchops: sid %03x fscope > %d rc %d\n", > > Updated patch attached. > Please review and merge. > > Leonid. > > --- > > The attached files is derived from OpenLDAP Software. All of the > modifications > to OpenLDAP Software represented in the following patch(es) were > developed by > Peter-Service LLC, Moscow, Russia. Peter-Service LLC has not assigned > rights > and/or interest in this work to any party. I, Leonid Yuriev am > authorized by > Peter-Service LLC, my employer, to release this work under the following > terms. > > Peter-Service LLC hereby places the following modifications to OpenLDAP > Software > (and only these modifications) into the public domain. Hence, these > modifications may be freely used and/or redistributed for any purpose > with or without attribution and/or other notice. > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#8014) minor memleak in slapadd
by hyc＠symas.com 03 Jan '15

03 Jan '15

leo(a)yuriev.ru wrote: > Full_Name: Leonid Yuriev > Version: 2.4-HEAD > OS: RHEL7 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (31.130.36.33) > > > Minor memleak was found by valgrind tool. > Patch will be available shortly. Thanks for the report. Fixed in master. > > Leonid. > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#8013) SIGSEGV in test_filter()
by leo＠yuriev.ru 03 Jan '15

03 Jan '15

This is a multi-part message in MIME format. --------------070009030106040804000907 Content-Type: text/plain; charset=windows-1251; format=flowed Content-Transfer-Encoding: 7bit 04.01.2015 02:47, Howard Chu wrote: > The patch is wrong. syncprov_matchops can be called twice for the same > operation; toggling the flag where you've placed it means the filter > will be incorrect on the 2nd invocation as well as on all subsequent > invocations. Ok, but found another case. The ss->s_op->ors_filter may be updated immediately after the s_mutex released. This is a simple change for reproducing the bug. diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c index 5ef2eaa..f579faa 100644 --- a/servers/slapd/overlays/syncprov.c +++ b/servers/slapd/overlays/syncprov.c @@ -1295,6 +1295,7 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit ) } if ( fc.fscope ) { + Filter *paranoia; ldap_pvt_thread_mutex_lock( &ss->s_mutex ); op2 = *ss->s_op; oh = *op->o_hdr; @@ -1304,6 +1305,7 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit ) op2.o_hdr = &oh; op2.o_extra = op->o_extra; op2.o_callback = NULL; + paranoia = ss->s_op->ors_filter; if (ss->s_flags & PS_FIX_FILTER) { /* Skip the AND/GE clause that we stuck on in front. We would lose deletes/mods that happen during the refresh @@ -1311,7 +1313,11 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit ) op2.ors_filter = ss->s_op->ors_filter->f_and->f_next; } ldap_pvt_thread_mutex_unlock( &ss->s_mutex ); + assert (paranoia == ss->s_op->ors_filter || paranoia == ss->s_op->ors_filter->f_and->f_next); + usleep(1000); + assert (paranoia == ss->s_op->ors_filter || paranoia == ss->s_op->ors_filter->f_and->f_next); rc = test_filter( &op2, e, op2.ors_filter ); + assert (paranoia == ss->s_op->ors_filter || paranoia == ss->s_op->ors_filter->f_and->f_next); } Debug( LDAP_DEBUG_TRACE, "syncprov_matchops: sid %03x fscope %d rc %d\n", Updated patch attached. Please review and merge. Leonid. --- The attached files is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by Peter-Service LLC, Moscow, Russia. Peter-Service LLC has not assigned rights and/or interest in this work to any party. I, Leonid Yuriev am authorized by Peter-Service LLC, my employer, to release this work under the following terms. Peter-Service LLC hereby places the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice. --------------070009030106040804000907 Content-Type: text/x-patch; name="its8013.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="its8013.patch" commit 5014e0b526e68c21bcfd9a9dd43d154d621f7476 Author: Leo Yuriev <leo(a)yuriev.ru> Date: 2015-01-01 16:44:50 +0300 ITS#8013 fix rare SIGSEGV in test_filter(). Filter may be updated/fixed and freed in other thread immediately after release the s_mutex, while the test_filter() running. Also now specifically damaged filter fields when it freed. This will enable faster detection of such errors (fail-fast by SIGSEGV). diff --git a/servers/slapd/filter.c b/servers/slapd/filter.c index b859f73..f440336 100644 --- a/servers/slapd/filter.c +++ b/servers/slapd/filter.c @@ -566,6 +566,8 @@ filter_free_x( Operation *op, Filter *f, int freeme ) break; } + f->f_next = (void*) -1l; + f->f_un.f_un_complex = (void*) -1l; if ( freeme ) { op->o_tmpfree( f, op->o_tmpmemctx ); } diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c index 5ef2eaa..2369edb 100644 --- a/servers/slapd/overlays/syncprov.c +++ b/servers/slapd/overlays/syncprov.c @@ -1304,14 +1304,17 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit ) op2.o_hdr = &oh; op2.o_extra = op->o_extra; op2.o_callback = NULL; - if (ss->s_flags & PS_FIX_FILTER) { + if ( ss->s_flags & PS_FIX_FILTER ) { /* Skip the AND/GE clause that we stuck on in front. We would lose deletes/mods that happen during the refresh phase otherwise (ITS#6555) */ - op2.ors_filter = ss->s_op->ors_filter->f_and->f_next; + op2.ors_filter = filter_dup( op2.ors_filter->f_and->f_next, NULL ); + } else { + op2.ors_filter = filter_dup( op2.ors_filter, NULL ); } ldap_pvt_thread_mutex_unlock( &ss->s_mutex ); rc = test_filter( &op2, e, op2.ors_filter ); + filter_free( op2.ors_filter ); } Debug( LDAP_DEBUG_TRACE, "syncprov_matchops: sid %03x fscope %d rc %d\n", @@ -2237,6 +2240,7 @@ syncprov_detach_op( Operation *op, syncops *so, slap_overinst *on ) /* Skip the AND/GE clause that we stuck on in front */ if ( so->s_flags & PS_FIX_FILTER ) { + assert(op2->ors_filter->f_choice == LDAP_FILTER_AND); op2->ors_filter = op->ors_filter->f_and->f_next; so->s_flags ^= PS_FIX_FILTER; } else { @@ -2390,7 +2394,6 @@ syncprov_search_response( Operation *op, SlapReply *rs ) ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex ); /* syncprov_ab_cleanup will free this syncop */ return SLAPD_ABANDON; - } else { ldap_pvt_thread_mutex_lock( &ss->ss_so->s_mutex ); /* Turn off the refreshing flag */ --------------070009030106040804000907--

1 0

Re: (ITS#8013) SIGSEGV in test_filter()
by hyc＠symas.com 03 Jan '15

03 Jan '15

Leonid Yuriev wrote: > Please review attached patch and merge. The patch is wrong. syncprov_matchops can be called twice for the same operation; toggling the flag where you've placed it means the filter will be incorrect on the 2nd invocation as well as on all subsequent invocations. > > Leonid. > > --- > > The attached files is derived from OpenLDAP Software. All of the > modifications > to OpenLDAP Software represented in the following patch(es) were > developed by > Peter-Service LLC, Moscow, Russia. Peter-Service LLC has not assigned > rights > and/or interest in this work to any party. I, Leonid Yuriev am > authorized by > Peter-Service LLC, my employer, to release this work under the following > terms. > > Peter-Service LLC hereby places the following modifications to OpenLDAP > Software > (and only these modifications) into the public domain. Hence, these > modifications may be freely used and/or redistributed for any purpose > with or without attribution and/or other notice. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#8015) memcpy() overlapping in many places
by hyc＠symas.com 03 Jan '15

03 Jan '15

kurt(a)OpenLDAP.org wrote: > AC_MEMCPY is generally memove(3). It would only be memcpy(3) if both = > memmove(3) or bcopy(3) were not available. So at most your patch will = > cause link errors. Closing this ITS. The patch is obviously invalid. > > =E2=80=94 Kurt > >> On Jan 3, 2015, at 11:21 AM, leo(a)yuriev.ru wrote: >> =20 >> This is a multi-part message in MIME format. >> --------------090408030902080204080503 >> Content-Type: text/plain; charset=3Dwindows-1251; format=3Dflowed >> Content-Transfer-Encoding: 7bit >> =20 >> Please review and merge. >> =20 >> Leonid. >> =20 >> =20 >> --------------090408030902080204080503 >> Content-Type: text/x-patch; >> name=3D"its8015.patch" >> Content-Transfer-Encoding: 7bit >> Content-Disposition: attachment; >> filename=3D"its8015.patch" >> =20 >> commit 8d55a7c88c6655879ffc677e5a9873f29bb7a802 >> Author: Leo Yuriev <leo(a)yuriev.ru> >> Date: 2015-01-01 16:00:58 +0300 >> =20 >> ITS#8015 replace memcpy() by memmove() for overlapped src & dst. >> =20 >> http://lwn.net/Articles/414467/ >> =20 >> Initially a few cases have been detected using Valgrind. >> After that I manually reviewed all calls memcpy() and AC_MEMCPY() >> it the 2.4 branch. >> =20 >> Unfortunately, we can not expect that all of these mistakes >> corrected, but it is much more than nothing. >> =20 >> diff --git a/libraries/liblber/encode.c b/libraries/liblber/encode.c >> index e39fa07..3eb15c6 100644 >> --- a/libraries/liblber/encode.c >> +++ b/libraries/liblber/encode.c >> @@ -398,7 +398,7 @@ ber_start_seqorset( >> return -1; >> } >> dest =3D *p; >> - AC_MEMCPY( dest, headptr, headlen ); >> + memmove( dest, headptr, headlen ); >> ber->ber_sos_ptr =3D dest + headlen; >> =20 >> ber->ber_sos_inner =3D dest + taglen - ber->ber_buf; >> @@ -467,7 +467,7 @@ ber_put_seqorset( BerElement *ber ) >> if ( unused !=3D 0 ) { >> /* length(length) < the reserved SOS_LENLEN = > bytes */ >> xlen -=3D unused; >> - AC_MEMCPY( lenptr, p, xlen ); >> + memmove( lenptr, p, xlen ); >> ber->ber_sos_ptr =3D (char *) lenptr + xlen; >> } >> } >> diff --git a/libraries/libldap/sasl.c b/libraries/libldap/sasl.c >> index 8878d1f..4ad605f 100644 >> --- a/libraries/libldap/sasl.c >> +++ b/libraries/libldap/sasl.c >> @@ -628,7 +628,7 @@ sb_sasl_generic_drop_packet ( >> =20 >> len =3D p->sec_buf_in.buf_ptr - p->sec_buf_in.buf_end; >> if ( len > 0 ) >> - AC_MEMCPY( p->sec_buf_in.buf_base, = > p->sec_buf_in.buf_base + >> + memmove( p->sec_buf_in.buf_base, p->sec_buf_in.buf_base = > + >> p->sec_buf_in.buf_end, len ); >> =20 >> if ( len >=3D 4 ) { >> diff --git a/libraries/liblutil/utils.c b/libraries/liblutil/utils.c >> index 310380b..a783167 100644 >> --- a/libraries/liblutil/utils.c >> +++ b/libraries/liblutil/utils.c >> @@ -841,7 +841,7 @@ lutil_str2bin( struct berval *in, struct berval = > *out, void *ctx ) >> num.buf[num.beg] =3D neg; >> } >> if ( num.beg ) >> - AC_MEMCPY( num.buf, num.buf+num.beg, num.len ); >> + memmove( num.buf, num.buf+num.beg, num.len ); >> out->bv_len =3D num.len; >> decfail: >> if ( tmp !=3D tmpbuf ) { >> diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c >> index f5c244c..f935efc 100644 >> --- a/servers/slapd/aclparse.c >> +++ b/servers/slapd/aclparse.c >> @@ -2317,7 +2317,7 @@ acl_regex_normalized_dn( >> for ( q =3D &p[2]; q[0] =3D=3D ' '; q++ ) { >> /* DO NOTHING */ ; >> } >> - AC_MEMCPY( p+1, q, len-(q-str)+1); >> + memmove( p+1, q, len-(q-str)+1); >> } >> } >> pattern->bv_val =3D str; >> diff --git a/servers/slapd/ad.c b/servers/slapd/ad.c >> index 6f6cb2f..2357452 100644 >> --- a/servers/slapd/ad.c >> +++ b/servers/slapd/ad.c >> @@ -277,7 +277,7 @@ int slap_bv2ad( >> } else if ( rc > 0 || >> ( rc =3D=3D 0 && = > (unsigned)optlen > tags[i].bv_len )) >> { >> - AC_MEMCPY( &tags[i+2], = > &tags[i+1], >> + memmove( &tags[i+2], &tags[i+1], >> = > (ntags-i-1)*sizeof(struct berval) ); >> tags[i+1].bv_val =3D opt; >> tags[i+1].bv_len =3D optlen; >> @@ -286,7 +286,7 @@ int slap_bv2ad( >> } >> =20 >> if( ntags ) { >> - AC_MEMCPY( &tags[1], &tags[0], >> + memmove( &tags[1], &tags[0], >> ntags*sizeof(struct berval) ); >> } >> tags[0].bv_val =3D opt; >> diff --git a/servers/slapd/back-bdb/attr.c = > b/servers/slapd/back-bdb/attr.c >> index 2f183b3..e4ab16f 100644 >> --- a/servers/slapd/back-bdb/attr.c >> +++ b/servers/slapd/back-bdb/attr.c >> @@ -71,7 +71,7 @@ ainfo_insert( struct bdb_info *bdb, AttrInfo *a ) >> bdb->bi_attrs =3D ch_realloc( bdb->bi_attrs, ( bdb->bi_nattrs+1 = > ) *=20 >> sizeof( AttrInfo * )); >> if ( x < bdb->bi_nattrs ) >> - AC_MEMCPY( &bdb->bi_attrs[x+1], &bdb->bi_attrs[x], >> + memmove( &bdb->bi_attrs[x+1], &bdb->bi_attrs[x], >> ( bdb->bi_nattrs - x ) * sizeof( AttrInfo *)); >> bdb->bi_attrs[x] =3D a; >> bdb->bi_nattrs++; >> diff --git a/servers/slapd/back-bdb/idl.c = > b/servers/slapd/back-bdb/idl.c >> index c6bc9f3..f024245 100644 >> --- a/servers/slapd/back-bdb/idl.c >> +++ b/servers/slapd/back-bdb/idl.c >> @@ -204,7 +204,7 @@ int bdb_idl_insert( ID *ids, ID id ) >> =09 >> } else { >> /* insert id */ >> - AC_MEMCPY( &ids[x+1], &ids[x], (ids[0]-x) * sizeof(ID) = > ); >> + memmove( &ids[x+1], &ids[x], (ids[0]-x) * sizeof(ID) ); >> ids[x] =3D id; >> } >> =20 >> @@ -262,7 +262,7 @@ int bdb_idl_delete( ID *ids, ID id ) >> } >> =20 >> } else { >> - AC_MEMCPY( &ids[x], &ids[x+1], (1+ids[0]-x) * sizeof(ID) = > ); >> + memmove( &ids[x], &ids[x+1], (1+ids[0]-x) * sizeof(ID) = > ); >> } >> =20 >> #if IDL_DEBUG > 1 >> diff --git a/servers/slapd/back-ldap/config.c = > b/servers/slapd/back-ldap/config.c >> index 11a4ac4..4b5c394 100644 >> --- a/servers/slapd/back-ldap/config.c >> +++ b/servers/slapd/back-ldap/config.c >> @@ -1047,7 +1047,7 @@ ldap_back_cf_gen( ConfigArgs *c ) >> =20 >> if ( i ) { >> bv.bv_len -=3D i; >> - AC_MEMCPY( bv.bv_val, &bv.bv_val[ i ], >> + memmove( bv.bv_val, &bv.bv_val[ i ], >> bv.bv_len + 1 ); >> } >> =20 >> @@ -1239,7 +1239,7 @@ ldap_back_cf_gen( ConfigArgs *c ) >> =20 >> if ( i ) { >> bc.bv_len -=3D i; >> - AC_MEMCPY( bc.bv_val, = > &bc.bv_val[ i ], bc.bv_len + 1 ); >> + memmove( bc.bv_val, &bc.bv_val[ = > i ], bc.bv_len + 1 ); >> } >> =20 >> bv =3D bc; >> @@ -1298,7 +1298,7 @@ ldap_back_cf_gen( ConfigArgs *c ) >> =20 >> if ( i ) { >> bv.bv_len -=3D i; >> - AC_MEMCPY( bv.bv_val, &bv.bv_val[ i ], >> + memmove( bv.bv_val, &bv.bv_val[ i ], >> bv.bv_len + 1 ); >> } >> =20 >> diff --git a/servers/slapd/back-ldap/search.c = > b/servers/slapd/back-ldap/search.c >> index eeab466..b100510 100644 >> --- a/servers/slapd/back-ldap/search.c >> +++ b/servers/slapd/back-ldap/search.c >> @@ -109,7 +109,7 @@ ldap_back_munge_filter( >> =20 >> ptr =3D filter->bv_val + ( ptr - oldfilter.bv_val ); >> =20 >> - AC_MEMCPY( &ptr[ newbv->bv_len ], >> + memmove( &ptr[ newbv->bv_len ], >> &ptr[ oldbv->bv_len ],=20 >> oldfilter.bv_len - ( ptr - = > filter->bv_val ) - oldbv->bv_len + 1 ); >> AC_MEMCPY( ptr, newbv->bv_val, newbv->bv_len ); >> diff --git a/servers/slapd/back-mdb/attr.c = > b/servers/slapd/back-mdb/attr.c >> index 5da9da9..38e513e 100644 >> --- a/servers/slapd/back-mdb/attr.c >> +++ b/servers/slapd/back-mdb/attr.c >> @@ -71,7 +71,7 @@ ainfo_insert( struct mdb_info *mdb, AttrInfo *a ) >> mdb->mi_attrs =3D ch_realloc( mdb->mi_attrs, ( mdb->mi_nattrs+1 = > ) *=20 >> sizeof( AttrInfo * )); >> if ( x < mdb->mi_nattrs ) >> - AC_MEMCPY( &mdb->mi_attrs[x+1], &mdb->mi_attrs[x], >> + memmove( &mdb->mi_attrs[x+1], &mdb->mi_attrs[x], >> ( mdb->mi_nattrs - x ) * sizeof( AttrInfo *)); >> mdb->mi_attrs[x] =3D a; >> mdb->mi_nattrs++; >> diff --git a/servers/slapd/back-mdb/idl.c = > b/servers/slapd/back-mdb/idl.c >> index 3c2f986..c03f7c3 100644 >> --- a/servers/slapd/back-mdb/idl.c >> +++ b/servers/slapd/back-mdb/idl.c >> @@ -173,7 +173,7 @@ int mdb_idl_insert( ID *ids, ID id ) >> =09 >> } else { >> /* insert id */ >> - AC_MEMCPY( &ids[x+1], &ids[x], (ids[0]-x) * sizeof(ID) = > ); >> + memmove( &ids[x+1], &ids[x], (ids[0]-x) * sizeof(ID) ); >> ids[x] =3D id; >> } >> =20 >> @@ -231,7 +231,7 @@ static int mdb_idl_delete( ID *ids, ID id ) >> } >> =20 >> } else { >> - AC_MEMCPY( &ids[x], &ids[x+1], (1+ids[0]-x) * sizeof(ID) = > ); >> + memmove( &ids[x], &ids[x+1], (1+ids[0]-x) * sizeof(ID) = > ); >> } >> =20 >> #if IDL_DEBUG > 1 >> diff --git a/servers/slapd/back-meta/config.c = > b/servers/slapd/back-meta/config.c >> index e3164b0..daa5e8b 100644 >> --- a/servers/slapd/back-meta/config.c >> +++ b/servers/slapd/back-meta/config.c >> @@ -1340,7 +1340,7 @@ meta_back_cf_gen( ConfigArgs *c ) >> =20 >> if ( i ) { >> bv.bv_len -=3D i; >> - AC_MEMCPY( bv.bv_val, &bv.bv_val[ i ], >> + memmove( bv.bv_val, &bv.bv_val[ i ], >> bv.bv_len + 1 ); >> } >> =20 >> @@ -1597,7 +1597,7 @@ meta_back_cf_gen( ConfigArgs *c ) >> =20 >> if ( i ) { >> bc.bv_len -=3D i; >> - AC_MEMCPY( bc.bv_val, = > &bc.bv_val[ i ], bc.bv_len + 1 ); >> + memmove( bc.bv_val, &bc.bv_val[ = > i ], bc.bv_len + 1 ); >> } >> =20 >> bv =3D bc; >> @@ -2720,7 +2720,7 @@ idassert-authzFrom "dn:<rootdn>" >> int len =3D strlen( argv[ 0 ] ); >> =20 >> ber_str2bv( line, 0, 0, &bv ); >> - AC_MEMCPY( &bv.bv_val[ len ], &bv.bv_val[ len + = > 1 ], >> + memmove( &bv.bv_val[ len ], &bv.bv_val[ len + 1 = > ], >> bv.bv_len - ( len + 1 )); >> bv.bv_val[ bv.bv_len - 1] =3D '"'; >> ber_bvarray_add( &mt->mt_rwmap.rwm_bva_rewrite, = > &bv ); >> diff --git a/servers/slapd/back-sql/util.c = > b/servers/slapd/back-sql/util.c >> index 3564527..7c77964 100644 >> --- a/servers/slapd/back-sql/util.c >> +++ b/servers/slapd/back-sql/util.c >> @@ -411,7 +411,7 @@ backsql_split_pattern( >> =20 >> } else if ( real_end[ 1 ] =3D=3D SPLIT_CHAR ) { >> expected++; >> - AC_MEMCPY( real_end, real_end + 1, strlen( = > real_end ) ); >> + memmove( real_end, real_end + 1, strlen( = > real_end ) ); >> end =3D strchr( real_end + 1, SPLIT_CHAR ); >> continue; >> } >> diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c >> index 2214334..9655629 100644 >> --- a/servers/slapd/bconfig.c >> +++ b/servers/slapd/bconfig.c >> @@ -2353,7 +2353,7 @@ sortval_reject: >> s =3D ber_bvchr( &bv, '"' ); >> assert( s !=3D NULL ); >> /* move the trailing quote of = > argv[0] to the end */ >> - AC_MEMCPY( s, s + 1, bv.bv_len - = > ( s - bv.bv_val ) ); >> + memmove( s, s + 1, bv.bv_len - ( = > s - bv.bv_val ) ); >> bv.bv_val[ bv.bv_len - 1 ] =3D = > '"'; >> =20 >> } else { >> diff --git a/servers/slapd/config.c b/servers/slapd/config.c >> index cdc17d9..5c0dd55 100644 >> --- a/servers/slapd/config.c >> +++ b/servers/slapd/config.c >> @@ -2159,12 +2159,12 @@ strtok_quote( char *line, char *sep, char = > **quote_ptr ) >> } else { >> inquote =3D 1; >> } >> - AC_MEMCPY( next, next + 1, strlen( next + 1 ) + = > 1 ); >> + memmove( next, next + 1, strlen( next + 1 ) + 1 = > ); >> break; >> =20 >> case '\\': >> if ( next[1] ) >> - AC_MEMCPY( next, >> + memmove( next, >> next + 1, strlen( next + 1 ) = > + 1 ); >> next++; /* dont parse the escaped = > character */ >> break; >> diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c >> index 9b51f95..6b1f1d7 100644 >> --- a/servers/slapd/controls.c >> +++ b/servers/slapd/controls.c >> @@ -1005,7 +1005,7 @@ slap_remove_control( >> op->o_tmpfree( op->o_ctrls[ j ], op->o_tmpmemctx ); >> =20 >> if ( i > 1 ) { >> - AC_MEMCPY( &op->o_ctrls[ j ], &op->o_ctrls[ j + = > 1 ], >> + memmove( &op->o_ctrls[ j ], &op->o_ctrls[ j + 1 = > ], >> ( i - j ) * sizeof( LDAPControl * ) ); >> =20 >> } else { >> diff --git a/servers/slapd/overlays/constraint.c = > b/servers/slapd/overlays/constraint.c >> index 096f32a..99844a5 100644 >> --- a/servers/slapd/overlays/constraint.c >> +++ b/servers/slapd/overlays/constraint.c >> @@ -401,7 +401,7 @@ constraint_cf_gen( ConfigArgs *c ) >> rc =3D ARG_BAD_CONF; >> goto done; >> } >> - AC_MEMCPY( = > &ap.lud->lud_filter[0], &ap.lud->lud_filter[1], len - 2 ); >> + memmove( &ap.lud->lud_filter[0], = > &ap.lud->lud_filter[1], len - 2 ); >> ap.lud->lud_filter[len - 2] =3D = > '\0'; >> } >> =20 >> diff --git a/servers/slapd/overlays/memberof.c = > b/servers/slapd/overlays/memberof.c >> index 17cbae7..dcfb047 100644 >> --- a/servers/slapd/overlays/memberof.c >> +++ b/servers/slapd/overlays/memberof.c >> @@ -616,10 +616,10 @@ memberof_op_add( Operation *op, SlapReply *rs ) >> break; >> } >> =09 >> - AC_MEMCPY( &a->a_vals[ i ], = > &a->a_vals[ i + 1 ], >> + memmove( &a->a_vals[ i ], = > &a->a_vals[ i + 1 ], >> sizeof( struct berval ) = > * ( j - i ) ); >> if ( a->a_nvals !=3D a->a_vals ) = > { >> - AC_MEMCPY( &a->a_nvals[ = > i ], &a->a_nvals[ i + 1 ], >> + memmove( &a->a_nvals[ i = > ], &a->a_nvals[ i + 1 ], >> sizeof( struct = > berval ) * ( j - i ) ); >> } >> i--; >> @@ -698,10 +698,10 @@ memberof_op_add( Operation *op, SlapReply *rs ) >> break; >> } >> =09 >> - AC_MEMCPY( &a->a_vals[ i ], = > &a->a_vals[ i + 1 ], >> + memmove( &a->a_vals[ i ], = > &a->a_vals[ i + 1 ], >> sizeof( struct berval ) = > * ( j - i ) ); >> if ( a->a_nvals !=3D a->a_vals ) = > { >> - AC_MEMCPY( &a->a_nvals[ = > i ], &a->a_nvals[ i + 1 ], >> + memmove( &a->a_nvals[ i = > ], &a->a_nvals[ i + 1 ], >> sizeof( struct = > berval ) * ( j - i ) ); >> } >> i--; >> @@ -922,9 +922,9 @@ memberof_op_modify( Operation *op, SlapReply *rs ) >> break; >> } >> =09 >> - AC_MEMCPY( = > &ml->sml_values[ i ], &ml->sml_values[ i + 1 ], >> + memmove( = > &ml->sml_values[ i ], &ml->sml_values[ i + 1 ], >> sizeof( = > struct berval ) * ( j - i ) ); >> - AC_MEMCPY( = > &ml->sml_nvalues[ i ], &ml->sml_nvalues[ i + 1 ], >> + memmove( = > &ml->sml_nvalues[ i ], &ml->sml_nvalues[ i + 1 ], >> sizeof( = > struct berval ) * ( j - i ) ); >> i--; >> } >> @@ -1022,10 +1022,10 @@ memberof_op_modify( Operation *op, SlapReply = > *rs ) >> break; >> } >> =09 >> - AC_MEMCPY( = > &ml->sml_values[ i ], &ml->sml_values[ i + 1 ], >> + memmove( = > &ml->sml_values[ i ], &ml->sml_values[ i + 1 ], >> sizeof( = > struct berval ) * ( j - i ) ); >> if ( = > ml->sml_nvalues !=3D ml->sml_values ) { >> - = > AC_MEMCPY( &ml->sml_nvalues[ i ], &ml->sml_nvalues[ i + 1 ], >> + memmove( = > &ml->sml_nvalues[ i ], &ml->sml_nvalues[ i + 1 ], >> = > sizeof( struct berval ) * ( j - i ) ); >> } >> i--; >> @@ -1140,10 +1140,10 @@ memberof_op_modify( Operation *op, SlapReply = > *rs ) >> break; >> } >> =09 >> - AC_MEMCPY( = > &ml->sml_values[ i ], &ml->sml_values[ i + 1 ], >> + memmove( = > &ml->sml_values[ i ], &ml->sml_values[ i + 1 ], >> sizeof( struct = > berval ) * ( j - i ) ); >> if ( ml->sml_nvalues !=3D = > ml->sml_values ) { >> - AC_MEMCPY( = > &ml->sml_nvalues[ i ], &ml->sml_nvalues[ i + 1 ], >> + memmove( = > &ml->sml_nvalues[ i ], &ml->sml_nvalues[ i + 1 ], >> sizeof( = > struct berval ) * ( j - i ) ); >> } >> i--; >> diff --git a/servers/slapd/overlays/rwm.c = > b/servers/slapd/overlays/rwm.c >> index 1fbfac3..22a536a 100644 >> --- a/servers/slapd/overlays/rwm.c >> +++ b/servers/slapd/overlays/rwm.c >> @@ -2014,7 +2014,7 @@ rwm_bva_add( >> int len =3D strlen( argv[ 0 ] ); >> =20 >> ber_str2bv( line, 0, 0, &bv ); >> - AC_MEMCPY( &bv.bv_val[ len ], &bv.bv_val[ len + 1 ], >> + memmove( &bv.bv_val[ len ], &bv.bv_val[ len + 1 ], >> bv.bv_len - ( len + 1 ) ); >> bv.bv_val[ bv.bv_len - 1 ] =3D '"'; >> =20 >> diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c >> index b47a528..7436614 100644 >> --- a/servers/slapd/sasl.c >> +++ b/servers/slapd/sasl.c >> @@ -1342,7 +1342,7 @@ slap_sasl_peer2ipport( struct berval *peer ) >> *p =3D ';'; >> if ( isv6 ) { >> assert( p[-1] =3D=3D ']' ); >> - AC_MEMCPY( &p[-1], p, plen - ( p - ipport ) + 1 = > ); >> + memmove( &p[-1], p, plen - ( p - ipport ) + 1 ); >> } >> =20 >> } else if ( isv6 ) { >> diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c >> index 5e0ebbe..5449603 100644 >> --- a/servers/slapd/saslauthz.c >> +++ b/servers/slapd/saslauthz.c >> @@ -182,14 +182,14 @@ int slap_parse_user( struct berval *id, struct = > berval *user, >> if ( !BER_BVISNULL( mech ) ) { >> assert( mech->bv_val =3D=3D id->bv_val + 2 ); >> =20 >> - AC_MEMCPY( mech->bv_val - 2, mech->bv_val, mech->bv_len = > + 1 ); >> + memmove( mech->bv_val - 2, mech->bv_val, mech->bv_len + = > 1 ); >> mech->bv_val -=3D 2; >> } >> =20 >> if ( !BER_BVISNULL( realm ) ) { >> assert( realm->bv_val >=3D id->bv_val + 2 ); >> =20 >> - AC_MEMCPY( realm->bv_val - 2, realm->bv_val, = > realm->bv_len + 1 ); >> + memmove( realm->bv_val - 2, realm->bv_val, realm->bv_len = > + 1 ); >> realm->bv_val -=3D 2; >> } >> =20 >> =20 >> --------------090408030902080204080503-- >> =20 >> =20 >> =20 > > > > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#8015) memcpy() overlapping in many places
by kurt＠OpenLDAP.org 03 Jan '15

03 Jan '15

AC_MEMCPY is generally memove(3). It would only be memcpy(3) if both = memmove(3) or bcopy(3) were not available. So at most your patch will = cause link errors. =E2=80=94 Kurt > On Jan 3, 2015, at 11:21 AM, leo(a)yuriev.ru wrote: >=20 > This is a multi-part message in MIME format. > --------------090408030902080204080503 > Content-Type: text/plain; charset=3Dwindows-1251; format=3Dflowed > Content-Transfer-Encoding: 7bit >=20 > Please review and merge. >=20 > Leonid. >=20 >=20 > --------------090408030902080204080503 > Content-Type: text/x-patch; > name=3D"its8015.patch" > Content-Transfer-Encoding: 7bit > Content-Disposition: attachment; > filename=3D"its8015.patch" >=20 > commit 8d55a7c88c6655879ffc677e5a9873f29bb7a802 > Author: Leo Yuriev <leo(a)yuriev.ru> > Date: 2015-01-01 16:00:58 +0300 >=20 > ITS#8015 replace memcpy() by memmove() for overlapped src & dst. >=20 > http://lwn.net/Articles/414467/ >=20 > Initially a few cases have been detected using Valgrind. > After that I manually reviewed all calls memcpy() and AC_MEMCPY() > it the 2.4 branch. >=20 > Unfortunately, we can not expect that all of these mistakes > corrected, but it is much more than nothing. >=20 > diff --git a/libraries/liblber/encode.c b/libraries/liblber/encode.c > index e39fa07..3eb15c6 100644 > --- a/libraries/liblber/encode.c > +++ b/libraries/liblber/encode.c > @@ -398,7 +398,7 @@ ber_start_seqorset( > return -1; > } > dest =3D *p; > - AC_MEMCPY( dest, headptr, headlen ); > + memmove( dest, headptr, headlen ); > ber->ber_sos_ptr =3D dest + headlen; >=20 > ber->ber_sos_inner =3D dest + taglen - ber->ber_buf; > @@ -467,7 +467,7 @@ ber_put_seqorset( BerElement *ber ) > if ( unused !=3D 0 ) { > /* length(length) < the reserved SOS_LENLEN = bytes */ > xlen -=3D unused; > - AC_MEMCPY( lenptr, p, xlen ); > + memmove( lenptr, p, xlen ); > ber->ber_sos_ptr =3D (char *) lenptr + xlen; > } > } > diff --git a/libraries/libldap/sasl.c b/libraries/libldap/sasl.c > index 8878d1f..4ad605f 100644 > --- a/libraries/libldap/sasl.c > +++ b/libraries/libldap/sasl.c > @@ -628,7 +628,7 @@ sb_sasl_generic_drop_packet ( >=20 > len =3D p->sec_buf_in.buf_ptr - p->sec_buf_in.buf_end; > if ( len > 0 ) > - AC_MEMCPY( p->sec_buf_in.buf_base, = p->sec_buf_in.buf_base + > + memmove( p->sec_buf_in.buf_base, p->sec_buf_in.buf_base = + > p->sec_buf_in.buf_end, len ); >=20 > if ( len >=3D 4 ) { > diff --git a/libraries/liblutil/utils.c b/libraries/liblutil/utils.c > index 310380b..a783167 100644 > --- a/libraries/liblutil/utils.c > +++ b/libraries/liblutil/utils.c > @@ -841,7 +841,7 @@ lutil_str2bin( struct berval *in, struct berval = *out, void *ctx ) > num.buf[num.beg] =3D neg; > } > if ( num.beg ) > - AC_MEMCPY( num.buf, num.buf+num.beg, num.len ); > + memmove( num.buf, num.buf+num.beg, num.len ); > out->bv_len =3D num.len; > decfail: > if ( tmp !=3D tmpbuf ) { > diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c > index f5c244c..f935efc 100644 > --- a/servers/slapd/aclparse.c > +++ b/servers/slapd/aclparse.c > @@ -2317,7 +2317,7 @@ acl_regex_normalized_dn( > for ( q =3D &p[2]; q[0] =3D=3D ' '; q++ ) { > /* DO NOTHING */ ; > } > - AC_MEMCPY( p+1, q, len-(q-str)+1); > + memmove( p+1, q, len-(q-str)+1); > } > } > pattern->bv_val =3D str; > diff --git a/servers/slapd/ad.c b/servers/slapd/ad.c > index 6f6cb2f..2357452 100644 > --- a/servers/slapd/ad.c > +++ b/servers/slapd/ad.c > @@ -277,7 +277,7 @@ int slap_bv2ad( > } else if ( rc > 0 || > ( rc =3D=3D 0 && = (unsigned)optlen > tags[i].bv_len )) > { > - AC_MEMCPY( &tags[i+2], = &tags[i+1], > + memmove( &tags[i+2], &tags[i+1], > = (ntags-i-1)*sizeof(struct berval) ); > tags[i+1].bv_val =3D opt; > tags[i+1].bv_len =3D optlen; > @@ -286,7 +286,7 @@ int slap_bv2ad( > } >=20 > if( ntags ) { > - AC_MEMCPY( &tags[1], &tags[0], > + memmove( &tags[1], &tags[0], > ntags*sizeof(struct berval) ); > } > tags[0].bv_val =3D opt; > diff --git a/servers/slapd/back-bdb/attr.c = b/servers/slapd/back-bdb/attr.c > index 2f183b3..e4ab16f 100644 > --- a/servers/slapd/back-bdb/attr.c > +++ b/servers/slapd/back-bdb/attr.c > @@ -71,7 +71,7 @@ ainfo_insert( struct bdb_info *bdb, AttrInfo *a ) > bdb->bi_attrs =3D ch_realloc( bdb->bi_attrs, ( bdb->bi_nattrs+1 = ) *=20 > sizeof( AttrInfo * )); > if ( x < bdb->bi_nattrs ) > - AC_MEMCPY( &bdb->bi_attrs[x+1], &bdb->bi_attrs[x], > + memmove( &bdb->bi_attrs[x+1], &bdb->bi_attrs[x], > ( bdb->bi_nattrs - x ) * sizeof( AttrInfo *)); > bdb->bi_attrs[x] =3D a; > bdb->bi_nattrs++; > diff --git a/servers/slapd/back-bdb/idl.c = b/servers/slapd/back-bdb/idl.c > index c6bc9f3..f024245 100644 > --- a/servers/slapd/back-bdb/idl.c > +++ b/servers/slapd/back-bdb/idl.c > @@ -204,7 +204,7 @@ int bdb_idl_insert( ID *ids, ID id ) > =09 > } else { > /* insert id */ > - AC_MEMCPY( &ids[x+1], &ids[x], (ids[0]-x) * sizeof(ID) = ); > + memmove( &ids[x+1], &ids[x], (ids[0]-x) * sizeof(ID) ); > ids[x] =3D id; > } >=20 > @@ -262,7 +262,7 @@ int bdb_idl_delete( ID *ids, ID id ) > } >=20 > } else { > - AC_MEMCPY( &ids[x], &ids[x+1], (1+ids[0]-x) * sizeof(ID) = ); > + memmove( &ids[x], &ids[x+1], (1+ids[0]-x) * sizeof(ID) = ); > } >=20 > #if IDL_DEBUG > 1 > diff --git a/servers/slapd/back-ldap/config.c = b/servers/slapd/back-ldap/config.c > index 11a4ac4..4b5c394 100644 > --- a/servers/slapd/back-ldap/config.c > +++ b/servers/slapd/back-ldap/config.c > @@ -1047,7 +1047,7 @@ ldap_back_cf_gen( ConfigArgs *c ) >=20 > if ( i ) { > bv.bv_len -=3D i; > - AC_MEMCPY( bv.bv_val, &bv.bv_val[ i ], > + memmove( bv.bv_val, &bv.bv_val[ i ], > bv.bv_len + 1 ); > } >=20 > @@ -1239,7 +1239,7 @@ ldap_back_cf_gen( ConfigArgs *c ) >=20 > if ( i ) { > bc.bv_len -=3D i; > - AC_MEMCPY( bc.bv_val, = &bc.bv_val[ i ], bc.bv_len + 1 ); > + memmove( bc.bv_val, &bc.bv_val[ = i ], bc.bv_len + 1 ); > } >=20 > bv =3D bc; > @@ -1298,7 +1298,7 @@ ldap_back_cf_gen( ConfigArgs *c ) >=20 > if ( i ) { > bv.bv_len -=3D i; > - AC_MEMCPY( bv.bv_val, &bv.bv_val[ i ], > + memmove( bv.bv_val, &bv.bv_val[ i ], > bv.bv_len + 1 ); > } >=20 > diff --git a/servers/slapd/back-ldap/search.c = b/servers/slapd/back-ldap/search.c > index eeab466..b100510 100644 > --- a/servers/slapd/back-ldap/search.c > +++ b/servers/slapd/back-ldap/search.c > @@ -109,7 +109,7 @@ ldap_back_munge_filter( >=20 > ptr =3D filter->bv_val + ( ptr - oldfilter.bv_val ); >=20 > - AC_MEMCPY( &ptr[ newbv->bv_len ], > + memmove( &ptr[ newbv->bv_len ], > &ptr[ oldbv->bv_len ],=20 > oldfilter.bv_len - ( ptr - = filter->bv_val ) - oldbv->bv_len + 1 ); > AC_MEMCPY( ptr, newbv->bv_val, newbv->bv_len ); > diff --git a/servers/slapd/back-mdb/attr.c = b/servers/slapd/back-mdb/attr.c > index 5da9da9..38e513e 100644 > --- a/servers/slapd/back-mdb/attr.c > +++ b/servers/slapd/back-mdb/attr.c > @@ -71,7 +71,7 @@ ainfo_insert( struct mdb_info *mdb, AttrInfo *a ) > mdb->mi_attrs =3D ch_realloc( mdb->mi_attrs, ( mdb->mi_nattrs+1 = ) *=20 > sizeof( AttrInfo * )); > if ( x < mdb->mi_nattrs ) > - AC_MEMCPY( &mdb->mi_attrs[x+1], &mdb->mi_attrs[x], > + memmove( &mdb->mi_attrs[x+1], &mdb->mi_attrs[x], > ( mdb->mi_nattrs - x ) * sizeof( AttrInfo *)); > mdb->mi_attrs[x] =3D a; > mdb->mi_nattrs++; > diff --git a/servers/slapd/back-mdb/idl.c = b/servers/slapd/back-mdb/idl.c > index 3c2f986..c03f7c3 100644 > --- a/servers/slapd/back-mdb/idl.c > +++ b/servers/slapd/back-mdb/idl.c > @@ -173,7 +173,7 @@ int mdb_idl_insert( ID *ids, ID id ) > =09 > } else { > /* insert id */ > - AC_MEMCPY( &ids[x+1], &ids[x], (ids[0]-x) * sizeof(ID) = ); > + memmove( &ids[x+1], &ids[x], (ids[0]-x) * sizeof(ID) ); > ids[x] =3D id; > } >=20 > @@ -231,7 +231,7 @@ static int mdb_idl_delete( ID *ids, ID id ) > } >=20 > } else { > - AC_MEMCPY( &ids[x], &ids[x+1], (1+ids[0]-x) * sizeof(ID) = ); > + memmove( &ids[x], &ids[x+1], (1+ids[0]-x) * sizeof(ID) = ); > } >=20 > #if IDL_DEBUG > 1 > diff --git a/servers/slapd/back-meta/config.c = b/servers/slapd/back-meta/config.c > index e3164b0..daa5e8b 100644 > --- a/servers/slapd/back-meta/config.c > +++ b/servers/slapd/back-meta/config.c > @@ -1340,7 +1340,7 @@ meta_back_cf_gen( ConfigArgs *c ) >=20 > if ( i ) { > bv.bv_len -=3D i; > - AC_MEMCPY( bv.bv_val, &bv.bv_val[ i ], > + memmove( bv.bv_val, &bv.bv_val[ i ], > bv.bv_len + 1 ); > } >=20 > @@ -1597,7 +1597,7 @@ meta_back_cf_gen( ConfigArgs *c ) >=20 > if ( i ) { > bc.bv_len -=3D i; > - AC_MEMCPY( bc.bv_val, = &bc.bv_val[ i ], bc.bv_len + 1 ); > + memmove( bc.bv_val, &bc.bv_val[ = i ], bc.bv_len + 1 ); > } >=20 > bv =3D bc; > @@ -2720,7 +2720,7 @@ idassert-authzFrom "dn:<rootdn>" > int len =3D strlen( argv[ 0 ] ); >=20 > ber_str2bv( line, 0, 0, &bv ); > - AC_MEMCPY( &bv.bv_val[ len ], &bv.bv_val[ len + = 1 ], > + memmove( &bv.bv_val[ len ], &bv.bv_val[ len + 1 = ], > bv.bv_len - ( len + 1 )); > bv.bv_val[ bv.bv_len - 1] =3D '"'; > ber_bvarray_add( &mt->mt_rwmap.rwm_bva_rewrite, = &bv ); > diff --git a/servers/slapd/back-sql/util.c = b/servers/slapd/back-sql/util.c > index 3564527..7c77964 100644 > --- a/servers/slapd/back-sql/util.c > +++ b/servers/slapd/back-sql/util.c > @@ -411,7 +411,7 @@ backsql_split_pattern( >=20 > } else if ( real_end[ 1 ] =3D=3D SPLIT_CHAR ) { > expected++; > - AC_MEMCPY( real_end, real_end + 1, strlen( = real_end ) ); > + memmove( real_end, real_end + 1, strlen( = real_end ) ); > end =3D strchr( real_end + 1, SPLIT_CHAR ); > continue; > } > diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c > index 2214334..9655629 100644 > --- a/servers/slapd/bconfig.c > +++ b/servers/slapd/bconfig.c > @@ -2353,7 +2353,7 @@ sortval_reject: > s =3D ber_bvchr( &bv, '"' ); > assert( s !=3D NULL ); > /* move the trailing quote of = argv[0] to the end */ > - AC_MEMCPY( s, s + 1, bv.bv_len - = ( s - bv.bv_val ) ); > + memmove( s, s + 1, bv.bv_len - ( = s - bv.bv_val ) ); > bv.bv_val[ bv.bv_len - 1 ] =3D = '"'; >=20 > } else { > diff --git a/servers/slapd/config.c b/servers/slapd/config.c > index cdc17d9..5c0dd55 100644 > --- a/servers/slapd/config.c > +++ b/servers/slapd/config.c > @@ -2159,12 +2159,12 @@ strtok_quote( char *line, char *sep, char = **quote_ptr ) > } else { > inquote =3D 1; > } > - AC_MEMCPY( next, next + 1, strlen( next + 1 ) + = 1 ); > + memmove( next, next + 1, strlen( next + 1 ) + 1 = ); > break; >=20 > case '\\': > if ( next[1] ) > - AC_MEMCPY( next, > + memmove( next, > next + 1, strlen( next + 1 ) = + 1 ); > next++; /* dont parse the escaped = character */ > break; > diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c > index 9b51f95..6b1f1d7 100644 > --- a/servers/slapd/controls.c > +++ b/servers/slapd/controls.c > @@ -1005,7 +1005,7 @@ slap_remove_control( > op->o_tmpfree( op->o_ctrls[ j ], op->o_tmpmemctx ); >=20 > if ( i > 1 ) { > - AC_MEMCPY( &op->o_ctrls[ j ], &op->o_ctrls[ j + = 1 ], > + memmove( &op->o_ctrls[ j ], &op->o_ctrls[ j + 1 = ], > ( i - j ) * sizeof( LDAPControl * ) ); >=20 > } else { > diff --git a/servers/slapd/overlays/constraint.c = b/servers/slapd/overlays/constraint.c > index 096f32a..99844a5 100644 > --- a/servers/slapd/overlays/constraint.c > +++ b/servers/slapd/overlays/constraint.c > @@ -401,7 +401,7 @@ constraint_cf_gen( ConfigArgs *c ) > rc =3D ARG_BAD_CONF; > goto done; > } > - AC_MEMCPY( = &ap.lud->lud_filter[0], &ap.lud->lud_filter[1], len - 2 ); > + memmove( &ap.lud->lud_filter[0], = &ap.lud->lud_filter[1], len - 2 ); > ap.lud->lud_filter[len - 2] =3D = '\0'; > } >=20 > diff --git a/servers/slapd/overlays/memberof.c = b/servers/slapd/overlays/memberof.c > index 17cbae7..dcfb047 100644 > --- a/servers/slapd/overlays/memberof.c > +++ b/servers/slapd/overlays/memberof.c > @@ -616,10 +616,10 @@ memberof_op_add( Operation *op, SlapReply *rs ) > break; > } > =09 > - AC_MEMCPY( &a->a_vals[ i ], = &a->a_vals[ i + 1 ], > + memmove( &a->a_vals[ i ], = &a->a_vals[ i + 1 ], > sizeof( struct berval ) = * ( j - i ) ); > if ( a->a_nvals !=3D a->a_vals ) = { > - AC_MEMCPY( &a->a_nvals[ = i ], &a->a_nvals[ i + 1 ], > + memmove( &a->a_nvals[ i = ], &a->a_nvals[ i + 1 ], > sizeof( struct = berval ) * ( j - i ) ); > } > i--; > @@ -698,10 +698,10 @@ memberof_op_add( Operation *op, SlapReply *rs ) > break; > } > =09 > - AC_MEMCPY( &a->a_vals[ i ], = &a->a_vals[ i + 1 ], > + memmove( &a->a_vals[ i ], = &a->a_vals[ i + 1 ], > sizeof( struct berval ) = * ( j - i ) ); > if ( a->a_nvals !=3D a->a_vals ) = { > - AC_MEMCPY( &a->a_nvals[ = i ], &a->a_nvals[ i + 1 ], > + memmove( &a->a_nvals[ i = ], &a->a_nvals[ i + 1 ], > sizeof( struct = berval ) * ( j - i ) ); > } > i--; > @@ -922,9 +922,9 @@ memberof_op_modify( Operation *op, SlapReply *rs ) > break; > } > =09 > - AC_MEMCPY( = &ml->sml_values[ i ], &ml->sml_values[ i + 1 ], > + memmove( = &ml->sml_values[ i ], &ml->sml_values[ i + 1 ], > sizeof( = struct berval ) * ( j - i ) ); > - AC_MEMCPY( = &ml->sml_nvalues[ i ], &ml->sml_nvalues[ i + 1 ], > + memmove( = &ml->sml_nvalues[ i ], &ml->sml_nvalues[ i + 1 ], > sizeof( = struct berval ) * ( j - i ) ); > i--; > } > @@ -1022,10 +1022,10 @@ memberof_op_modify( Operation *op, SlapReply = *rs ) > break; > } > =09 > - AC_MEMCPY( = &ml->sml_values[ i ], &ml->sml_values[ i + 1 ], > + memmove( = &ml->sml_values[ i ], &ml->sml_values[ i + 1 ], > sizeof( = struct berval ) * ( j - i ) ); > if ( = ml->sml_nvalues !=3D ml->sml_values ) { > - = AC_MEMCPY( &ml->sml_nvalues[ i ], &ml->sml_nvalues[ i + 1 ], > + memmove( = &ml->sml_nvalues[ i ], &ml->sml_nvalues[ i + 1 ], > = sizeof( struct berval ) * ( j - i ) ); > } > i--; > @@ -1140,10 +1140,10 @@ memberof_op_modify( Operation *op, SlapReply = *rs ) > break; > } > =09 > - AC_MEMCPY( = &ml->sml_values[ i ], &ml->sml_values[ i + 1 ], > + memmove( = &ml->sml_values[ i ], &ml->sml_values[ i + 1 ], > sizeof( struct = berval ) * ( j - i ) ); > if ( ml->sml_nvalues !=3D = ml->sml_values ) { > - AC_MEMCPY( = &ml->sml_nvalues[ i ], &ml->sml_nvalues[ i + 1 ], > + memmove( = &ml->sml_nvalues[ i ], &ml->sml_nvalues[ i + 1 ], > sizeof( = struct berval ) * ( j - i ) ); > } > i--; > diff --git a/servers/slapd/overlays/rwm.c = b/servers/slapd/overlays/rwm.c > index 1fbfac3..22a536a 100644 > --- a/servers/slapd/overlays/rwm.c > +++ b/servers/slapd/overlays/rwm.c > @@ -2014,7 +2014,7 @@ rwm_bva_add( > int len =3D strlen( argv[ 0 ] ); >=20 > ber_str2bv( line, 0, 0, &bv ); > - AC_MEMCPY( &bv.bv_val[ len ], &bv.bv_val[ len + 1 ], > + memmove( &bv.bv_val[ len ], &bv.bv_val[ len + 1 ], > bv.bv_len - ( len + 1 ) ); > bv.bv_val[ bv.bv_len - 1 ] =3D '"'; >=20 > diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c > index b47a528..7436614 100644 > --- a/servers/slapd/sasl.c > +++ b/servers/slapd/sasl.c > @@ -1342,7 +1342,7 @@ slap_sasl_peer2ipport( struct berval *peer ) > *p =3D ';'; > if ( isv6 ) { > assert( p[-1] =3D=3D ']' ); > - AC_MEMCPY( &p[-1], p, plen - ( p - ipport ) + 1 = ); > + memmove( &p[-1], p, plen - ( p - ipport ) + 1 ); > } >=20 > } else if ( isv6 ) { > diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c > index 5e0ebbe..5449603 100644 > --- a/servers/slapd/saslauthz.c > +++ b/servers/slapd/saslauthz.c > @@ -182,14 +182,14 @@ int slap_parse_user( struct berval *id, struct = berval *user, > if ( !BER_BVISNULL( mech ) ) { > assert( mech->bv_val =3D=3D id->bv_val + 2 ); >=20 > - AC_MEMCPY( mech->bv_val - 2, mech->bv_val, mech->bv_len = + 1 ); > + memmove( mech->bv_val - 2, mech->bv_val, mech->bv_len + = 1 ); > mech->bv_val -=3D 2; > } >=20 > if ( !BER_BVISNULL( realm ) ) { > assert( realm->bv_val >=3D id->bv_val + 2 ); >=20 > - AC_MEMCPY( realm->bv_val - 2, realm->bv_val, = realm->bv_len + 1 ); > + memmove( realm->bv_val - 2, realm->bv_val, realm->bv_len = + 1 ); > realm->bv_val -=3D 2; > } >=20 >=20 > --------------090408030902080204080503-- >=20 >=20 >=20

1 0

Re: (ITS#8015) memcpy() overlapping in many places
by leo＠yuriev.ru 03 Jan '15

03 Jan '15

This is a multi-part message in MIME format. --------------090408030902080204080503 Content-Type: text/plain; charset=windows-1251; format=flowed Content-Transfer-Encoding: 7bit Please review and merge. Leonid. --------------090408030902080204080503 Content-Type: text/x-patch; name="its8015.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="its8015.patch" commit 8d55a7c88c6655879ffc677e5a9873f29bb7a802 Author: Leo Yuriev <leo(a)yuriev.ru> Date: 2015-01-01 16:00:58 +0300 ITS#8015 replace memcpy() by memmove() for overlapped src & dst. http://lwn.net/Articles/414467/ Initially a few cases have been detected using Valgrind. After that I manually reviewed all calls memcpy() and AC_MEMCPY() it the 2.4 branch. Unfortunately, we can not expect that all of these mistakes corrected, but it is much more than nothing. diff --git a/libraries/liblber/encode.c b/libraries/liblber/encode.c index e39fa07..3eb15c6 100644 --- a/libraries/liblber/encode.c +++ b/libraries/liblber/encode.c @@ -398,7 +398,7 @@ ber_start_seqorset( return -1; } dest = *p; - AC_MEMCPY( dest, headptr, headlen ); + memmove( dest, headptr, headlen ); ber->ber_sos_ptr = dest + headlen; ber->ber_sos_inner = dest + taglen - ber->ber_buf; @@ -467,7 +467,7 @@ ber_put_seqorset( BerElement *ber ) if ( unused != 0 ) { /* length(length) < the reserved SOS_LENLEN bytes */ xlen -= unused; - AC_MEMCPY( lenptr, p, xlen ); + memmove( lenptr, p, xlen ); ber->ber_sos_ptr = (char *) lenptr + xlen; } } diff --git a/libraries/libldap/sasl.c b/libraries/libldap/sasl.c index 8878d1f..4ad605f 100644 --- a/libraries/libldap/sasl.c +++ b/libraries/libldap/sasl.c @@ -628,7 +628,7 @@ sb_sasl_generic_drop_packet ( len = p->sec_buf_in.buf_ptr - p->sec_buf_in.buf_end; if ( len > 0 ) - AC_MEMCPY( p->sec_buf_in.buf_base, p->sec_buf_in.buf_base + + memmove( p->sec_buf_in.buf_base, p->sec_buf_in.buf_base + p->sec_buf_in.buf_end, len ); if ( len >= 4 ) { diff --git a/libraries/liblutil/utils.c b/libraries/liblutil/utils.c index 310380b..a783167 100644 --- a/libraries/liblutil/utils.c +++ b/libraries/liblutil/utils.c @@ -841,7 +841,7 @@ lutil_str2bin( struct berval *in, struct berval *out, void *ctx ) num.buf[num.beg] = neg; } if ( num.beg ) - AC_MEMCPY( num.buf, num.buf+num.beg, num.len ); + memmove( num.buf, num.buf+num.beg, num.len ); out->bv_len = num.len; decfail: if ( tmp != tmpbuf ) { diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c index f5c244c..f935efc 100644 --- a/servers/slapd/aclparse.c +++ b/servers/slapd/aclparse.c @@ -2317,7 +2317,7 @@ acl_regex_normalized_dn( for ( q = &p[2]; q[0] == ' '; q++ ) { /* DO NOTHING */ ; } - AC_MEMCPY( p+1, q, len-(q-str)+1); + memmove( p+1, q, len-(q-str)+1); } } pattern->bv_val = str; diff --git a/servers/slapd/ad.c b/servers/slapd/ad.c index 6f6cb2f..2357452 100644 --- a/servers/slapd/ad.c +++ b/servers/slapd/ad.c @@ -277,7 +277,7 @@ int slap_bv2ad( } else if ( rc > 0 || ( rc == 0 && (unsigned)optlen > tags[i].bv_len )) { - AC_MEMCPY( &tags[i+2], &tags[i+1], + memmove( &tags[i+2], &tags[i+1], (ntags-i-1)*sizeof(struct berval) ); tags[i+1].bv_val = opt; tags[i+1].bv_len = optlen; @@ -286,7 +286,7 @@ int slap_bv2ad( } if( ntags ) { - AC_MEMCPY( &tags[1], &tags[0], + memmove( &tags[1], &tags[0], ntags*sizeof(struct berval) ); } tags[0].bv_val = opt; diff --git a/servers/slapd/back-bdb/attr.c b/servers/slapd/back-bdb/attr.c index 2f183b3..e4ab16f 100644 --- a/servers/slapd/back-bdb/attr.c +++ b/servers/slapd/back-bdb/attr.c @@ -71,7 +71,7 @@ ainfo_insert( struct bdb_info *bdb, AttrInfo *a ) bdb->bi_attrs = ch_realloc( bdb->bi_attrs, ( bdb->bi_nattrs+1 ) * sizeof( AttrInfo * )); if ( x < bdb->bi_nattrs ) - AC_MEMCPY( &bdb->bi_attrs[x+1], &bdb->bi_attrs[x], + memmove( &bdb->bi_attrs[x+1], &bdb->bi_attrs[x], ( bdb->bi_nattrs - x ) * sizeof( AttrInfo *)); bdb->bi_attrs[x] = a; bdb->bi_nattrs++; diff --git a/servers/slapd/back-bdb/idl.c b/servers/slapd/back-bdb/idl.c index c6bc9f3..f024245 100644 --- a/servers/slapd/back-bdb/idl.c +++ b/servers/slapd/back-bdb/idl.c @@ -204,7 +204,7 @@ int bdb_idl_insert( ID *ids, ID id ) } else { /* insert id */ - AC_MEMCPY( &ids[x+1], &ids[x], (ids[0]-x) * sizeof(ID) ); + memmove( &ids[x+1], &ids[x], (ids[0]-x) * sizeof(ID) ); ids[x] = id; } @@ -262,7 +262,7 @@ int bdb_idl_delete( ID *ids, ID id ) } } else { - AC_MEMCPY( &ids[x], &ids[x+1], (1+ids[0]-x) * sizeof(ID) ); + memmove( &ids[x], &ids[x+1], (1+ids[0]-x) * sizeof(ID) ); } #if IDL_DEBUG > 1 diff --git a/servers/slapd/back-ldap/config.c b/servers/slapd/back-ldap/config.c index 11a4ac4..4b5c394 100644 --- a/servers/slapd/back-ldap/config.c +++ b/servers/slapd/back-ldap/config.c @@ -1047,7 +1047,7 @@ ldap_back_cf_gen( ConfigArgs *c ) if ( i ) { bv.bv_len -= i; - AC_MEMCPY( bv.bv_val, &bv.bv_val[ i ], + memmove( bv.bv_val, &bv.bv_val[ i ], bv.bv_len + 1 ); } @@ -1239,7 +1239,7 @@ ldap_back_cf_gen( ConfigArgs *c ) if ( i ) { bc.bv_len -= i; - AC_MEMCPY( bc.bv_val, &bc.bv_val[ i ], bc.bv_len + 1 ); + memmove( bc.bv_val, &bc.bv_val[ i ], bc.bv_len + 1 ); } bv = bc; @@ -1298,7 +1298,7 @@ ldap_back_cf_gen( ConfigArgs *c ) if ( i ) { bv.bv_len -= i; - AC_MEMCPY( bv.bv_val, &bv.bv_val[ i ], + memmove( bv.bv_val, &bv.bv_val[ i ], bv.bv_len + 1 ); } diff --git a/servers/slapd/back-ldap/search.c b/servers/slapd/back-ldap/search.c index eeab466..b100510 100644 --- a/servers/slapd/back-ldap/search.c +++ b/servers/slapd/back-ldap/search.c @@ -109,7 +109,7 @@ ldap_back_munge_filter( ptr = filter->bv_val + ( ptr - oldfilter.bv_val ); - AC_MEMCPY( &ptr[ newbv->bv_len ], + memmove( &ptr[ newbv->bv_len ], &ptr[ oldbv->bv_len ], oldfilter.bv_len - ( ptr - filter->bv_val ) - oldbv->bv_len + 1 ); AC_MEMCPY( ptr, newbv->bv_val, newbv->bv_len ); diff --git a/servers/slapd/back-mdb/attr.c b/servers/slapd/back-mdb/attr.c index 5da9da9..38e513e 100644 --- a/servers/slapd/back-mdb/attr.c +++ b/servers/slapd/back-mdb/attr.c @@ -71,7 +71,7 @@ ainfo_insert( struct mdb_info *mdb, AttrInfo *a ) mdb->mi_attrs = ch_realloc( mdb->mi_attrs, ( mdb->mi_nattrs+1 ) * sizeof( AttrInfo * )); if ( x < mdb->mi_nattrs ) - AC_MEMCPY( &mdb->mi_attrs[x+1], &mdb->mi_attrs[x], + memmove( &mdb->mi_attrs[x+1], &mdb->mi_attrs[x], ( mdb->mi_nattrs - x ) * sizeof( AttrInfo *)); mdb->mi_attrs[x] = a; mdb->mi_nattrs++; diff --git a/servers/slapd/back-mdb/idl.c b/servers/slapd/back-mdb/idl.c index 3c2f986..c03f7c3 100644 --- a/servers/slapd/back-mdb/idl.c +++ b/servers/slapd/back-mdb/idl.c @@ -173,7 +173,7 @@ int mdb_idl_insert( ID *ids, ID id ) } else { /* insert id */ - AC_MEMCPY( &ids[x+1], &ids[x], (ids[0]-x) * sizeof(ID) ); + memmove( &ids[x+1], &ids[x], (ids[0]-x) * sizeof(ID) ); ids[x] = id; } @@ -231,7 +231,7 @@ static int mdb_idl_delete( ID *ids, ID id ) } } else { - AC_MEMCPY( &ids[x], &ids[x+1], (1+ids[0]-x) * sizeof(ID) ); + memmove( &ids[x], &ids[x+1], (1+ids[0]-x) * sizeof(ID) ); } #if IDL_DEBUG > 1 diff --git a/servers/slapd/back-meta/config.c b/servers/slapd/back-meta/config.c index e3164b0..daa5e8b 100644 --- a/servers/slapd/back-meta/config.c +++ b/servers/slapd/back-meta/config.c @@ -1340,7 +1340,7 @@ meta_back_cf_gen( ConfigArgs *c ) if ( i ) { bv.bv_len -= i; - AC_MEMCPY( bv.bv_val, &bv.bv_val[ i ], + memmove( bv.bv_val, &bv.bv_val[ i ], bv.bv_len + 1 ); } @@ -1597,7 +1597,7 @@ meta_back_cf_gen( ConfigArgs *c ) if ( i ) { bc.bv_len -= i; - AC_MEMCPY( bc.bv_val, &bc.bv_val[ i ], bc.bv_len + 1 ); + memmove( bc.bv_val, &bc.bv_val[ i ], bc.bv_len + 1 ); } bv = bc; @@ -2720,7 +2720,7 @@ idassert-authzFrom "dn:<rootdn>" int len = strlen( argv[ 0 ] ); ber_str2bv( line, 0, 0, &bv ); - AC_MEMCPY( &bv.bv_val[ len ], &bv.bv_val[ len + 1 ], + memmove( &bv.bv_val[ len ], &bv.bv_val[ len + 1 ], bv.bv_len - ( len + 1 )); bv.bv_val[ bv.bv_len - 1] = '"'; ber_bvarray_add( &mt->mt_rwmap.rwm_bva_rewrite, &bv ); diff --git a/servers/slapd/back-sql/util.c b/servers/slapd/back-sql/util.c index 3564527..7c77964 100644 --- a/servers/slapd/back-sql/util.c +++ b/servers/slapd/back-sql/util.c @@ -411,7 +411,7 @@ backsql_split_pattern( } else if ( real_end[ 1 ] == SPLIT_CHAR ) { expected++; - AC_MEMCPY( real_end, real_end + 1, strlen( real_end ) ); + memmove( real_end, real_end + 1, strlen( real_end ) ); end = strchr( real_end + 1, SPLIT_CHAR ); continue; } diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c index 2214334..9655629 100644 --- a/servers/slapd/bconfig.c +++ b/servers/slapd/bconfig.c @@ -2353,7 +2353,7 @@ sortval_reject: s = ber_bvchr( &bv, '"' ); assert( s != NULL ); /* move the trailing quote of argv[0] to the end */ - AC_MEMCPY( s, s + 1, bv.bv_len - ( s - bv.bv_val ) ); + memmove( s, s + 1, bv.bv_len - ( s - bv.bv_val ) ); bv.bv_val[ bv.bv_len - 1 ] = '"'; } else { diff --git a/servers/slapd/config.c b/servers/slapd/config.c index cdc17d9..5c0dd55 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c @@ -2159,12 +2159,12 @@ strtok_quote( char *line, char *sep, char **quote_ptr ) } else { inquote = 1; } - AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 ); + memmove( next, next + 1, strlen( next + 1 ) + 1 ); break; case '\\': if ( next[1] ) - AC_MEMCPY( next, + memmove( next, next + 1, strlen( next + 1 ) + 1 ); next++; /* dont parse the escaped character */ break; diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c index 9b51f95..6b1f1d7 100644 --- a/servers/slapd/controls.c +++ b/servers/slapd/controls.c @@ -1005,7 +1005,7 @@ slap_remove_control( op->o_tmpfree( op->o_ctrls[ j ], op->o_tmpmemctx ); if ( i > 1 ) { - AC_MEMCPY( &op->o_ctrls[ j ], &op->o_ctrls[ j + 1 ], + memmove( &op->o_ctrls[ j ], &op->o_ctrls[ j + 1 ], ( i - j ) * sizeof( LDAPControl * ) ); } else { diff --git a/servers/slapd/overlays/constraint.c b/servers/slapd/overlays/constraint.c index 096f32a..99844a5 100644 --- a/servers/slapd/overlays/constraint.c +++ b/servers/slapd/overlays/constraint.c @@ -401,7 +401,7 @@ constraint_cf_gen( ConfigArgs *c ) rc = ARG_BAD_CONF; goto done; } - AC_MEMCPY( &ap.lud->lud_filter[0], &ap.lud->lud_filter[1], len - 2 ); + memmove( &ap.lud->lud_filter[0], &ap.lud->lud_filter[1], len - 2 ); ap.lud->lud_filter[len - 2] = '\0'; } diff --git a/servers/slapd/overlays/memberof.c b/servers/slapd/overlays/memberof.c index 17cbae7..dcfb047 100644 --- a/servers/slapd/overlays/memberof.c +++ b/servers/slapd/overlays/memberof.c @@ -616,10 +616,10 @@ memberof_op_add( Operation *op, SlapReply *rs ) break; } - AC_MEMCPY( &a->a_vals[ i ], &a->a_vals[ i + 1 ], + memmove( &a->a_vals[ i ], &a->a_vals[ i + 1 ], sizeof( struct berval ) * ( j - i ) ); if ( a->a_nvals != a->a_vals ) { - AC_MEMCPY( &a->a_nvals[ i ], &a->a_nvals[ i + 1 ], + memmove( &a->a_nvals[ i ], &a->a_nvals[ i + 1 ], sizeof( struct berval ) * ( j - i ) ); } i--; @@ -698,10 +698,10 @@ memberof_op_add( Operation *op, SlapReply *rs ) break; } - AC_MEMCPY( &a->a_vals[ i ], &a->a_vals[ i + 1 ], + memmove( &a->a_vals[ i ], &a->a_vals[ i + 1 ], sizeof( struct berval ) * ( j - i ) ); if ( a->a_nvals != a->a_vals ) { - AC_MEMCPY( &a->a_nvals[ i ], &a->a_nvals[ i + 1 ], + memmove( &a->a_nvals[ i ], &a->a_nvals[ i + 1 ], sizeof( struct berval ) * ( j - i ) ); } i--; @@ -922,9 +922,9 @@ memberof_op_modify( Operation *op, SlapReply *rs ) break; } - AC_MEMCPY( &ml->sml_values[ i ], &ml->sml_values[ i + 1 ], + memmove( &ml->sml_values[ i ], &ml->sml_values[ i + 1 ], sizeof( struct berval ) * ( j - i ) ); - AC_MEMCPY( &ml->sml_nvalues[ i ], &ml->sml_nvalues[ i + 1 ], + memmove( &ml->sml_nvalues[ i ], &ml->sml_nvalues[ i + 1 ], sizeof( struct berval ) * ( j - i ) ); i--; } @@ -1022,10 +1022,10 @@ memberof_op_modify( Operation *op, SlapReply *rs ) break; } - AC_MEMCPY( &ml->sml_values[ i ], &ml->sml_values[ i + 1 ], + memmove( &ml->sml_values[ i ], &ml->sml_values[ i + 1 ], sizeof( struct berval ) * ( j - i ) ); if ( ml->sml_nvalues != ml->sml_values ) { - AC_MEMCPY( &ml->sml_nvalues[ i ], &ml->sml_nvalues[ i + 1 ], + memmove( &ml->sml_nvalues[ i ], &ml->sml_nvalues[ i + 1 ], sizeof( struct berval ) * ( j - i ) ); } i--; @@ -1140,10 +1140,10 @@ memberof_op_modify( Operation *op, SlapReply *rs ) break; } - AC_MEMCPY( &ml->sml_values[ i ], &ml->sml_values[ i + 1 ], + memmove( &ml->sml_values[ i ], &ml->sml_values[ i + 1 ], sizeof( struct berval ) * ( j - i ) ); if ( ml->sml_nvalues != ml->sml_values ) { - AC_MEMCPY( &ml->sml_nvalues[ i ], &ml->sml_nvalues[ i + 1 ], + memmove( &ml->sml_nvalues[ i ], &ml->sml_nvalues[ i + 1 ], sizeof( struct berval ) * ( j - i ) ); } i--; diff --git a/servers/slapd/overlays/rwm.c b/servers/slapd/overlays/rwm.c index 1fbfac3..22a536a 100644 --- a/servers/slapd/overlays/rwm.c +++ b/servers/slapd/overlays/rwm.c @@ -2014,7 +2014,7 @@ rwm_bva_add( int len = strlen( argv[ 0 ] ); ber_str2bv( line, 0, 0, &bv ); - AC_MEMCPY( &bv.bv_val[ len ], &bv.bv_val[ len + 1 ], + memmove( &bv.bv_val[ len ], &bv.bv_val[ len + 1 ], bv.bv_len - ( len + 1 ) ); bv.bv_val[ bv.bv_len - 1 ] = '"'; diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c index b47a528..7436614 100644 --- a/servers/slapd/sasl.c +++ b/servers/slapd/sasl.c @@ -1342,7 +1342,7 @@ slap_sasl_peer2ipport( struct berval *peer ) *p = ';'; if ( isv6 ) { assert( p[-1] == ']' ); - AC_MEMCPY( &p[-1], p, plen - ( p - ipport ) + 1 ); + memmove( &p[-1], p, plen - ( p - ipport ) + 1 ); } } else if ( isv6 ) { diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c index 5e0ebbe..5449603 100644 --- a/servers/slapd/saslauthz.c +++ b/servers/slapd/saslauthz.c @@ -182,14 +182,14 @@ int slap_parse_user( struct berval *id, struct berval *user, if ( !BER_BVISNULL( mech ) ) { assert( mech->bv_val == id->bv_val + 2 ); - AC_MEMCPY( mech->bv_val - 2, mech->bv_val, mech->bv_len + 1 ); + memmove( mech->bv_val - 2, mech->bv_val, mech->bv_len + 1 ); mech->bv_val -= 2; } if ( !BER_BVISNULL( realm ) ) { assert( realm->bv_val >= id->bv_val + 2 ); - AC_MEMCPY( realm->bv_val - 2, realm->bv_val, realm->bv_len + 1 ); + memmove( realm->bv_val - 2, realm->bv_val, realm->bv_len + 1 ); realm->bv_val -= 2; } --------------090408030902080204080503--

1 0

(ITS#8015) memcpy() overlapping in many places
by leo＠yuriev.ru 03 Jan '15

03 Jan '15

Full_Name: Leonid Yuriev Version: 2.4-HEAD OS: RHEL7 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (31.130.36.33) A lot of places where memcpy() is called with overlapping source and destination, or such is possible in some cases. Explanation of why this is a problem, see. Http://lwn.net/Articles/414467/ Patch will be available shortly. Leonid.

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs January 2015