Re: (ITS#8046) query caused slapd to stop
by hyc@symas.com
Howard Chu wrote:
> Ryan Tandy wrote:
>> Hi again,
>>
>> 9d9913392a0346e23f07e65d7d0964c84e2c1277 is the first bad commit
>> commit 9d9913392a0346e23f07e65d7d0964c84e2c1277
>> Author: Howard Chu <hyc(a)openldap.org>
>> Date: Thu Sep 18 02:06:38 2014 +0100
>>
>> ITS#7942 plug leak in controls
>>
>> Reverting 8bdd54c and 9d99133 fixes the crash.
>>
>> I suppose it should probably get a CVE, and so on...
>>
> git history shows vrFilter_free has been broken ever since Kurt wrote it in
> 2002. Which pretty much means it was never getting called until #7942 plugged
> that memory leak.
>
For future reference, this was registered as CVE-2015-1546
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
8 years, 1 month
Re: (ITS#8027) ldapsearch -E deref=member: crashes slapd
by hyc@symas.com
Howard Chu wrote:
> ryan(a)nardis.ca wrote:
>> Full_Name: Ryan Tandy
>> Version: master (7df548d), RE24 (2b14bbc)
>> OS: Debian unstable
>> URL:
>> Submission from: (NULL) (142.32.208.227)
>>
>>
>> If you use the deref control but leave the list of requested attributes empty,
>> slapd crashes.
>>
>> ldapsearch [...] -E deref=member:
>
>> The ldapsearch manpage implies this probably isn't valid, but it still accepted
>> it. (FWIW, I tried it just to see whether it would return all attributes or
>> none.) I couldn't tell from draft-ldap-deref-00 whether an empty attr list is
>> considered a valid request.
>>
> Patched in master to reject a request with an empty attr list.
>
For future reference, this was registered as CVE-2015-1545.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
8 years, 1 month
Re: (ITS#8069) MDb library patch: Use explicit Windows API functions for char* strings
by hyc@symas.com
pmedvedev(a)gmail.com wrote:
> Full_Name: Pavel Medvedev
> Version:
> OS: Windows 7
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (217.25.225.40)
>
>
> Most Windows API functions such as CreateFile(), CreateMutex(),
> OpenMutex() that accept string arguments, are defined with suffix W or A
> for appropriate wchar_t* or char* strings, depending of _UNICODE
> preprocessor define. Calling explicit functions with A suffix would eliminate
> compile errors when _UNICODE is defined.
Thanks, committed to mdb.master.
>
> As a further enhancement, I think path argument encoding should be documented
> (probably UTF-8?) for such functions as mdb_env_open(), mdb_env_copy(),
> mdb_env_copy2(), and mdb_env_get_path(). This prevent possible problems with
> non-latin characters in path names on Windows.
>
> In this case, LMDB implementation on Windows should perform path
> conversion to UTF-16 and explicit call to CreateFileW() in mdb_env_open()
> and mdb_env_copy2() functions.
We've been discussing this change on and off for a while. That sounds like the
correct approach; patches welcome.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
8 years, 1 month
Re: (ITS#8068) MDB library patch: Using IsWindowsVersionOrGreater() instead of obsolete GetVersion()
by hyc@symas.com
pmedvedev(a)gmail.com wrote:
> Full_Name: Pavel Medvedev
> Version:
> OS: Windows 7
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (217.25.225.40)
I'm unable to compile with this patch. The API appears to be missing from
older versions of the Windows SDK. MSDN says it's from the Windows 8.1 SDK.
Closing this ITS.
>
>
> ---
> libraries/liblmdb/mdb.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/libraries/liblmdb/mdb.c b/libraries/liblmdb/mdb.c
> index 65293f4..a54ce83 100644
> --- a/libraries/liblmdb/mdb.c
> +++ b/libraries/liblmdb/mdb.c
> @@ -239,6 +239,7 @@ union semun {
> #endif
>
> #ifdef _WIN32
> +#include <VersionHelpers.h>
> #define MDB_USE_HASH 1
> #define MDB_PIDLOCK 0
> #define THREAD_RET DWORD
> @@ -3998,8 +3999,7 @@ mdb_env_open2(MDB_env *env)
>
> #ifdef _WIN32
> /* See if we should use QueryLimited */
> - rc = GetVersion();
> - if ((rc & 0xff) > 5)
> + if (IsWindowsVersionOrGreater(6, 0, 0))
> env->me_pidquery = MDB_PROCESS_QUERY_LIMITED_INFORMATION;
> else
> env->me_pidquery = PROCESS_QUERY_INFORMATION;
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
8 years, 1 month
Re: (ITS#8217) Add msvc support to lmdb
by nacho.resa@gmail.com
--001a113449f0607d15051daaa7f8
Content-Type: text/plain; charset=UTF-8
well, those bug reports overlap with my patch, but they completely lack
adding the MSVC project, should I attach my patch there?
On Wed, Aug 19, 2015 at 3:57 PM, Howard Chu <hyc(a)symas.com> wrote:
> nacho.resa(a)gmail.com wrote:
>
>> Full_Name: Ignacio Casal Quinteiro
>> Version:
>> OS: Windows 7
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (83.30.165.68)
>>
>>
>> On the url below you can find a fork that adds support for msvc builds:
>> https://github.com/nice-software/lmdb/tree/wip/msvc
>>
>> https://github.com/nice-software/lmdb/commit/e871e736949dafee4e84f07c6cfb...
>>
>
> This patch is largely a dup of ITSs #8067,8068,8069.
>
> Closing this ITS, use the previous ones instead.
>
> --
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
>
--
Ignacio Casal Quinteiro
--001a113449f0607d15051daaa7f8
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">well, those bug reports overlap with my patch, but they co=
mpletely lack adding the MSVC project, should I attach my patch there?<br><=
/div><div class=3D"gmail_extra"><br><div class=3D"gmail_quote">On Wed, Aug =
19, 2015 at 3:57 PM, Howard Chu <span dir=3D"ltr"><<a href=3D"mailto:hyc=
@symas.com" target=3D"_blank">hyc(a)symas.com</a>></span> wrote:<br><block=
quote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc=
solid;padding-left:1ex"><a href=3D"mailto:nacho.resa@gmail.com" target=3D"=
_blank">nacho.resa(a)gmail.com</a> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">
Full_Name: Ignacio Casal Quinteiro<br>
Version:<br>
OS: Windows 7<br>
URL: <a href=3D"ftp://ftp.openldap.org/incoming/" rel=3D"noreferrer" target=
=3D"_blank">ftp://ftp.openldap.org/incoming/</a><br>
Submission from: (NULL) (83.30.165.68)<br>
<br>
<br>
On the url below you can find a fork that adds support for msvc builds:<br>
<a href=3D"https://github.com/nice-software/lmdb/tree/wip/msvc" rel=3D"nore=
ferrer" target=3D"_blank">https://github.com/nice-software/lmdb/tree/wip/ms=
vc</a><br>
<a href=3D"https://github.com/nice-software/lmdb/commit/e871e736949dafee4e8=
4f07c6cfb1b1eceb57089" rel=3D"noreferrer" target=3D"_blank">https://github.=
com/nice-software/lmdb/commit/e871e736949dafee4e84f07c6cfb1b1eceb57089</a><=
br>
</blockquote>
<br>
This patch is largely a dup of ITSs #8067,8068,8069.<br>
<br>
Closing this ITS, use the previous ones instead.<span class=3D"HOEnZb"><fon=
t color=3D"#888888"><br>
<br>
-- <br>
=C2=A0 -- Howard Chu<br>
=C2=A0 CTO, Symas Corp.=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0<a href=3D"=
http://www.symas.com" rel=3D"noreferrer" target=3D"_blank">http://www.symas=
.com</a><br>
=C2=A0 Director, Highland Sun=C2=A0 =C2=A0 =C2=A0<a href=3D"http://highland=
sun.com/hyc/" rel=3D"noreferrer" target=3D"_blank">http://highlandsun.com/h=
yc/</a><br>
=C2=A0 Chief Architect, OpenLDAP=C2=A0 <a href=3D"http://www.openldap.org/p=
roject/" rel=3D"noreferrer" target=3D"_blank">http://www.openldap.org/proje=
ct/</a><br>
</font></span></blockquote></div><br><br clear=3D"all"><br>-- <br><div clas=
s=3D"gmail_signature">Ignacio Casal Quinteiro</div>
</div>
--001a113449f0607d15051daaa7f8--
8 years, 1 month
(ITS#8220) refint performance issue
by hyc@openldap.org
Full_Name: Howard Chu
Version: 2.4
OS:
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (78.155.231.135)
Submitted by: hyc
The fix for ITS#5097 changed refint to support subtree renames. Unfortunately
this required using dnSubtreeMatch extended search filters, which are not
indexable, so every refint invocation invokes a search that scans the entire
DB.
This behavior isn't necessary; such an extensive search is only needed if we
know that the entry being modified actually has children. If we know that the
entry has no children, we can use the original code which used an equality
match, which *is* indexable, and save significant overhead.
Patch coming shortly.
8 years, 1 month