!38 [sync] PR-34: Do not pass non–null‐terminated strings to strcmp() and Safely clear structure members

From: @openeuler-sync-bot 
Reviewed-by: @hubin95 
Signed-off-by: @hubin95

backport-python-Safely-clear-structure-members.patch

@@ -0,0 +1,33 @@
+From f573177c352c2df89c7d5ffd425a37b46b12166c Mon Sep 17 00:00:00 2001
+From: Joseph Sutton <josephsutton@catalyst.net.nz>
+Date: Mon, 24 Apr 2023 10:42:39 +1200
+Subject: [PATCH] python: Safely clear structure members
+
+Using Py_CLEAR() ensures that these structures are observed in a
+consistent state by any Python code that may run during deconstruction.
+
+Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+Reference:https://github.com/samba-team/samba/commit/f573177c352c2df89c7d5ffd425a37b46b12166c
+Conflict:only change pytdb.c, other files do not belong to the libtdb package.
+---
+ pytdb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pytdb.c b/pytdb.c
+index e2f8ace..d47d933 100644
+--- a/pytdb.c
++++ b/pytdb.c
+@@ -474,7 +474,7 @@ static PyObject *tdb_iter_next(PyTdbIteratorObject *self)
+ 
+ static void tdb_iter_dealloc(PyTdbIteratorObject *self)
+ {
+-	Py_DECREF(self->iteratee);
++	Py_CLEAR(self->iteratee);
+ 	PyObject_Del(self);
+ }
+ 
+-- 
+2.33.0
+

backport-tdb-Do-not-pass-non-null-terminated-strings-to-strcm.patch

@@ -0,0 +1,40 @@
+From 757cd49b8445f22c2c19380e948e7aba5a76399a Mon Sep 17 00:00:00 2001
+From: Joseph Sutton <josephsutton@catalyst.net.nz>
+Date: Fri, 6 Oct 2023 13:54:02 +1300
+Subject: [PATCH] =?UTF-8?q?tdb:=20Do=20not=20pass=20non=E2=80=93null?=
+ =?UTF-8?q?=E2=80=90terminated=20strings=20to=20strcmp()=20(CID=201449485)?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+Reference:https://github.com/samba-team/samba/commit/757cd49b8445f22c2c19380e948e7aba5a76399a
+Conflict:NA
+---
+ common/open.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/common/open.c b/common/open.c
+index f7f65b0..4e138c6 100644
+--- a/common/open.c
++++ b/common/open.c
+@@ -513,7 +513,13 @@ _PUBLIC_ struct tdb_context *tdb_open_ex(const char *name, int hash_size, int td
+ 
+ 	errno = 0;
+ 	if (read(tdb->fd, &header, sizeof(header)) != sizeof(header)
+-	    || strcmp(header.magic_food, TDB_MAGIC_FOOD) != 0) {
++	    /*
++	     * Call strncmp() rather than strcmp() in case header.magic_food is
++	     * not zero‐terminated. We’re still checking the full string for
++	     * equality, as tdb_header::magic_food is larger than
++	     * TDB_MAGIC_FOOD.
++	     */
++	    || strncmp(header.magic_food, TDB_MAGIC_FOOD, sizeof(header.magic_food)) != 0) {
+ 		if (!(open_flags & O_CREAT) ||
+ 		    tdb_new_database(tdb, &header, hash_size) == -1) {
+ 			if (errno == 0) {
+-- 
+2.33.0
+

libtdb.spec

@@ -1,11 +1,14 @@
 Name: libtdb
 Version: 1.4.7
-Release: 1
+Release: 2
 Summary: The Tdb library
 License: LGPLv3+
 URL: http://tdb.samba.org/
 Source: http://samba.org/ftp/tdb/tdb-%{version}.tar.gz
 
+Patch6000: backport-python-Safely-clear-structure-members.patch
+Patch6001: backport-tdb-Do-not-pass-non-null-terminated-strings-to-strcm.patch
+
 BuildRequires: gcc libxslt docbook-style-xsl
 BuildRequires: python3-devel
 Provides: bundled(libreplace)
@@ -89,6 +92,13 @@ make %{?_smp_mflags} check
 %ldconfig_scriptlets
 
 %changelog
+* Wed May 08 2024 wangjiang <wangjiang37@h-partners.com> - 1.4.7-2
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:tdb: Do not pass non–null‐terminated strings to strcmp()
+       python: Safely clear structure members
+
 * Sat Nov 05 2022 shixuantong<shixuantong1@huawei.com> - 1.4.7-1
 - upgrade version to 1.4.7