!49 [sync] PR-41: Add missing overflow check for num_values in pytdb.c

From: @openeuler-sync-bot 
Reviewed-by: @hubin95 
Signed-off-by: @hubin95

backport-Add-missing-overflow-check-for-num_values-in-pytdb.c.patch

@@ -0,0 +1,51 @@
+From 82b07bd048e8039896be7edec6b83cbd6ff218d9 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Tue, 30 Apr 2024 14:16:33 +0200
+Subject: [PATCH] lib:tdb: Add missing overflow check for num_values in pytdb.c
+
+Reference:https://github.com/samba-team/samba/commit/82b07bd048e8039896be7edec6b83cbd6ff218d9
+Conflict:NA
+
+Error: INTEGER_OVERFLOW (CWE-190):
+tdb-1.4.10/pytdb.c:401: cast_overflow: Truncation due to cast operation on "num_values" from 64 to 32 bits.
+tdb-1.4.10/pytdb.c:401: overflow_sink: "num_values", which might have overflowed, is passed to "tdb_storev(self->ctx, key, values, num_values, flag)".
+  399|           }
+  400|
+  401|->         ret = tdb_storev(self->ctx, key, values, num_values, flag);
+  402|           free(values);
+  403|           PyErr_TDB_ERROR_IS_ERR_RAISE(ret, self->ctx);
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Volker Lendecke <vl@samba.org>
+---
+ pytdb.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/pytdb.c b/pytdb.c
+index d47d933..4d0b9d4 100644
+--- a/pytdb.c
++++ b/pytdb.c
+@@ -407,6 +407,10 @@ static PyObject *obj_storev(PyTdbObject *self, PyObject *args)
+ 		PyErr_SetFromErrno(PyExc_OverflowError);
+ 		return NULL;
+ 	}
++	if (num_values > INT_MAX) {
++		PyErr_SetFromErrno(PyExc_OverflowError);
++		return NULL;
++	}
+ 	values = malloc(sizeof(TDB_DATA) * num_values);
+ 	if (values == NULL) {
+ 		PyErr_NoMemory();
+@@ -422,7 +426,7 @@ static PyObject *obj_storev(PyTdbObject *self, PyObject *args)
+ 		values[i] = value;
+ 	}
+ 
+-	ret = tdb_storev(self->ctx, key, values, num_values, flag);
++	ret = tdb_storev(self->ctx, key, values, (int)num_values, flag);
+ 	free(values);
+ 	PyErr_TDB_ERROR_IS_ERR_RAISE(ret, self->ctx);
+ 	Py_RETURN_NONE;
+-- 
+2.33.0
+
+

backport-tdb-Do-not-pass-non-null-terminated-strings-to-strcm.patch

@@ -0,0 +1,40 @@
+From 757cd49b8445f22c2c19380e948e7aba5a76399a Mon Sep 17 00:00:00 2001
+From: Joseph Sutton <josephsutton@catalyst.net.nz>
+Date: Fri, 6 Oct 2023 13:54:02 +1300
+Subject: [PATCH] =?UTF-8?q?tdb:=20Do=20not=20pass=20non=E2=80=93null?=
+ =?UTF-8?q?=E2=80=90terminated=20strings=20to=20strcmp()=20(CID=201449485)?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+Reference:https://github.com/samba-team/samba/commit/757cd49b8445f22c2c19380e948e7aba5a76399a
+Conflict:NA
+---
+ common/open.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/common/open.c b/common/open.c
+index f7f65b0..4e138c6 100644
+--- a/common/open.c
++++ b/common/open.c
+@@ -513,7 +513,13 @@ _PUBLIC_ struct tdb_context *tdb_open_ex(const char *name, int hash_size, int td
+ 
+ 	errno = 0;
+ 	if (read(tdb->fd, &header, sizeof(header)) != sizeof(header)
+-	    || strcmp(header.magic_food, TDB_MAGIC_FOOD) != 0) {
++	    /*
++	     * Call strncmp() rather than strcmp() in case header.magic_food is
++	     * not zero‐terminated. We’re still checking the full string for
++	     * equality, as tdb_header::magic_food is larger than
++	     * TDB_MAGIC_FOOD.
++	     */
++	    || strncmp(header.magic_food, TDB_MAGIC_FOOD, sizeof(header.magic_food)) != 0) {
+ 		if (!(open_flags & O_CREAT) ||
+ 		    tdb_new_database(tdb, &header, hash_size) == -1) {
+ 			if (errno == 0) {
+-- 
+2.33.0
+

libtdb.spec

@@ -1,11 +1,14 @@
 Name: libtdb
-Version: 1.4.5
+Version: 1.4.9
 Release: 3
 Summary: The Tdb library
 License: LGPLv3+
 URL: http://tdb.samba.org/
 Source: http://samba.org/ftp/tdb/tdb-%{version}.tar.gz
 
+Patch6000:  backport-tdb-Do-not-pass-non-null-terminated-strings-to-strcm.patch
+Patch6001:  backport-Add-missing-overflow-check-for-num_values-in-pytdb.c.patch
+
 BuildRequires: gcc libxslt docbook-style-xsl
 BuildRequires: python3-devel
 Provides: bundled(libreplace)
@@ -87,6 +90,27 @@ make %{?_smp_mflags} check
 %ldconfig_scriptlets
 
 %changelog
+* Tue Jun 11 2024 shixuantong <shixuantong1@huawei.com> - 1.4.9-3
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:Add missing overflow check for num_values in pytdb.c
+
+* Wed May 08 2024 wangjiang <wangjiang37@h-partners.com> - 1.4.9-2
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:tdb: Do not pass non–null‐terminated strings to strcmp()
+
+* Thu Aug 17 2023 dillon chen <dillon.chen@gmail.com> - 1.4.9-1
+- upgrade version to 1.4.9
+
+* Fri Jul 14 2023 niuyaru <niuyaru@kylinos.cn> - 1.4.8-1
+- upgrade version to 1.4.8
+
+* Sat Nov 05 2022 shixuantong<shixuantong1@huawei.com> - 1.4.7-1
+- upgrade version to 1.4.7
+
 * Tue May 10 2022 mylee <liweiganga@uniontech.com> - 1.4.5-3
 - fix spec changelog date