7404525 Ticket 49184 - Overflow in memberof

Authored and Committed by tbordaz 7 years ago
    Ticket 49184 - Overflow in memberof
    Bug Description:
        The function memberof_call_foreach_dn can be used to retrieve ancestors of a
        given entry. (ancestors are groups owning directly or indirectly a given entry).
        With the use of group cache in memberof, at the entrance of memberof_call_foreach_dn
        there is an attempt to get the entry ancestors from the cache.
        Before doing so it needs to test if the cache is safe. In fact in case of
        circular groups the use of the cache is disabled and lookup in the cache should not
        To know if the cache is safe it needs to access a flag (use_cache) in callback_data.
        The callback_data structure is opaque at this level. So accessing it
        while its structure is unknown is dangerous.
        The bug is that we may read an 'int' at an offset that overflow the actual structure.
        This is just a test and should not trigger a crash.
    Fix Description:
        Add a flag to call memberof_call_foreach_dn so that, that indicates if
        it is valid to use the group cache.
    Reviewed by: William Brown and Mark Reynolds (thanks to you !!)
    Platforms tested: F23
    Flag Day: no
    Doc impact: no