106 lines
3.5 KiB
Diff
106 lines
3.5 KiB
Diff
From 5e63f9c3c5e3d48e1aaf625649cb065c0dfae1df Mon Sep 17 00:00:00 2001
|
|
From: Stefan Metzmacher <metze@samba.org>
|
|
Date: Tue, 19 Jan 2021 16:53:55 +0100
|
|
Subject: [PATCH 004/284] CVE-2020-25718 pyldb: catch potential overflow error
|
|
|
|
Conflict: NA
|
|
Reference: https://git.samba.org/samba.git/?p=samba.git;a=patch;h=5e63f9c3c5e3d48e1aaf625649cb065c0dfae1df
|
|
|
|
in py_timestring
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Pair-Programmed-With: Bj枚rn Baumbach <bb@sernet.de>
|
|
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Bj枚rn Baumbach <bb@sernet.de>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14558
|
|
|
|
(cherry picked from commit 71e8b24b8a031de26b21539e36a60f459257d2fd)
|
|
---
|
|
lib/ldb/common/ldb_msg.c | 1 +
|
|
lib/ldb/pyldb.c | 7 +++++++
|
|
lib/ldb/tests/python/api.py | 19 +++++++++++++++++++
|
|
3 files changed, 27 insertions(+)
|
|
|
|
diff --git a/lib/ldb/common/ldb_msg.c b/lib/ldb/common/ldb_msg.c
|
|
index 7131f013f71b..57dfc5a04c2b 100644
|
|
--- a/lib/ldb/common/ldb_msg.c
|
|
+++ b/lib/ldb/common/ldb_msg.c
|
|
@@ -1272,6 +1272,7 @@ char *ldb_timestring(TALLOC_CTX *mem_ctx, time_t t)
|
|
|
|
if (r != 17) {
|
|
talloc_free(ts);
|
|
+ errno = EOVERFLOW;
|
|
return NULL;
|
|
}
|
|
|
|
diff --git a/lib/ldb/pyldb.c b/lib/ldb/pyldb.c
|
|
index d093daedf5c7..257351b2bc45 100644
|
|
--- a/lib/ldb/pyldb.c
|
|
+++ b/lib/ldb/pyldb.c
|
|
@@ -4227,6 +4227,13 @@ static PyObject *py_timestring(PyObject *module, PyObject *args)
|
|
if (!PyArg_ParseTuple(args, "l", &t_val))
|
|
return NULL;
|
|
tresult = ldb_timestring(NULL, (time_t) t_val);
|
|
+ if (tresult == NULL) {
|
|
+ /*
|
|
+ * Most likely EOVERFLOW from gmtime()
|
|
+ */
|
|
+ PyErr_SetFromErrno(PyExc_OSError);
|
|
+ return NULL;
|
|
+ }
|
|
ret = PyUnicode_FromString(tresult);
|
|
talloc_free(tresult);
|
|
return ret;
|
|
diff --git a/lib/ldb/tests/python/api.py b/lib/ldb/tests/python/api.py
|
|
index 675b5859af8f..8d154aac6adf 100755
|
|
--- a/lib/ldb/tests/python/api.py
|
|
+++ b/lib/ldb/tests/python/api.py
|
|
@@ -5,10 +5,12 @@
|
|
import os
|
|
from unittest import TestCase
|
|
import sys
|
|
+sys.path.insert(0, "bin/python")
|
|
import gc
|
|
import time
|
|
import ldb
|
|
import shutil
|
|
+import errno
|
|
|
|
PY3 = sys.version_info > (3, 0)
|
|
|
|
@@ -42,10 +44,27 @@ class NoContextTests(TestCase):
|
|
self.assertEqual("19700101000000.0Z", ldb.timestring(0))
|
|
self.assertEqual("20071119191012.0Z", ldb.timestring(1195499412))
|
|
|
|
+ self.assertEqual("00000101000000.0Z", ldb.timestring(-62167219200))
|
|
+ self.assertEqual("99991231235959.0Z", ldb.timestring(253402300799))
|
|
+
|
|
+ # should result with OSError EOVERFLOW from gmtime()
|
|
+ with self.assertRaises(OSError) as err:
|
|
+ ldb.timestring(-62167219201)
|
|
+ self.assertEqual(err.exception.errno, errno.EOVERFLOW)
|
|
+ with self.assertRaises(OSError) as err:
|
|
+ ldb.timestring(253402300800)
|
|
+ self.assertEqual(err.exception.errno, errno.EOVERFLOW)
|
|
+ with self.assertRaises(OSError) as err:
|
|
+ ldb.timestring(0x7fffffffffffffff)
|
|
+ self.assertEqual(err.exception.errno, errno.EOVERFLOW)
|
|
+
|
|
def test_string_to_time(self):
|
|
self.assertEqual(0, ldb.string_to_time("19700101000000.0Z"))
|
|
self.assertEqual(1195499412, ldb.string_to_time("20071119191012.0Z"))
|
|
|
|
+ self.assertEqual(-62167219200, ldb.string_to_time("00000101000000.0Z"))
|
|
+ self.assertEqual(253402300799, ldb.string_to_time("99991231235959.0Z"))
|
|
+
|
|
def test_binary_encode(self):
|
|
encoded = ldb.binary_encode(b'test\\x')
|
|
decoded = ldb.binary_decode(encoded)
|
|
--
|
|
2.25.1
|