packages/libtdb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!47 [sync] PR-42: Add missing overflow check for num_values in pytdb.c

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @hubin95 
Signed-off-by: @hubin95
This commit is contained in:
openeuler-ci-bot 2024-06-11 06:11:32 +00:00 committed by Gitee
commit e317b976c4
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 59 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
backport-Add-missing-overflow-check-for-num_values-in-pytdb.c.patch Normal file
View File

@ -0,0 +1,51 @@
From 82b07bd048e8039896be7edec6b83cbd6ff218d9 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 30 Apr 2024 14:16:33 +0200
Subject: [PATCH] lib:tdb: Add missing overflow check for num_values in pytdb.c
Reference:https://github.com/samba-team/samba/commit/82b07bd048e8039896be7edec6b83cbd6ff218d9
Conflict:NA
Error: INTEGER_OVERFLOW (CWE-190):
tdb-1.4.10/pytdb.c:401: cast_overflow: Truncation due to cast operation on "num_values" from 64 to 32 bits.
tdb-1.4.10/pytdb.c:401: overflow_sink: "num_values", which might have overflowed, is passed to "tdb_storev(self->ctx, key, values, num_values, flag)".
399| }
400|
401|-> ret = tdb_storev(self->ctx, key, values, num_values, flag);
402| free(values);
403| PyErr_TDB_ERROR_IS_ERR_RAISE(ret, self->ctx);
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
---
pytdb.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/pytdb.c b/pytdb.c
index d47d933..4d0b9d4 100644
--- a/pytdb.c
+++ b/pytdb.c
@@ -407,6 +407,10 @@ static PyObject *obj_storev(PyTdbObject *self, PyObject *args)
PyErr_SetFromErrno(PyExc_OverflowError);
return NULL;
}
+ if (num_values > INT_MAX) {
+ PyErr_SetFromErrno(PyExc_OverflowError);
+ return NULL;
+ }
values = malloc(sizeof(TDB_DATA) * num_values);
if (values == NULL) {
PyErr_NoMemory();
@@ -422,7 +426,7 @@ static PyObject *obj_storev(PyTdbObject *self, PyObject *args)
values[i] = value;
}
- ret = tdb_storev(self->ctx, key, values, num_values, flag);
+ ret = tdb_storev(self->ctx, key, values, (int)num_values, flag);
free(values);
PyErr_TDB_ERROR_IS_ERR_RAISE(ret, self->ctx);
Py_RETURN_NONE;
--
2.33.0

9
libtdb.spec
View File

@ -1,6 +1,6 @@
Name: libtdb
Version: 1.4.7
Release: 2
Release: 3
Summary: The Tdb library
License: LGPLv3+
URL: http://tdb.samba.org/
@ -8,6 +8,7 @@ Source: http://samba.org/ftp/tdb/tdb-%{version}.tar.gz
Patch6000: backport-python-Safely-clear-structure-members.patch
Patch6001: backport-tdb-Do-not-pass-non-null-terminated-strings-to-strcm.patch
Patch6002: backport-Add-missing-overflow-check-for-num_values-in-pytdb.c.patch
BuildRequires: gcc libxslt docbook-style-xsl
BuildRequires: python3-devel
@ -92,6 +93,12 @@ make %{?_smp_mflags} check
%ldconfig_scriptlets
%changelog
* Tue Jun 11 2024 shixuantong <shixuantong1@huawei.com> - 1.4.7-3
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:Add missing overflow check for num_values in pytdb.c
* Wed May 08 2024 wangjiang <wangjiang37@h-partners.com> - 1.4.7-2
- Type:bugfix
- CVE:NA