diff --git a/backport-0036-dsdb-strcasecmp_with_ldb_val-avoids-overflow.patch b/backport-0036-dsdb-strcasecmp_with_ldb_val-avoids-overflow.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e59ed3a5d7203128601b108e9911c6270ad2da09
--- /dev/null
+++ b/backport-0036-dsdb-strcasecmp_with_ldb_val-avoids-overflow.patch
@@ -0,0 +1,38 @@
+From a00c0ebd090f69f94ce6ba7774a9fc126d7de504 Mon Sep 17 00:00:00 2001
+From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
+Date: Mon, 13 May 2024 11:08:35 +1200
+Subject: [PATCH] s4:dsdb:strcasecmp_with_ldb_val() avoids overflow
+
+Reference: https://git.samba.org/?p=samba.git;a=patch;h=a00c0ebd090f69f94ce6ba7774a9fc126d7de504
+
+In the unlikely event that strlen(str) > INT_MAX, the result could
+have overflowed.
+
+This is not a sort transitivity issue, as this is not a symmetric sort
+comparison, but it would affect binary search reliability.
+
+Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+---
+ source4/dsdb/schema/schema_query.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/source4/dsdb/schema/schema_query.c b/source4/dsdb/schema/schema_query.c
+index fc34764..2197aea 100644
+--- a/source4/dsdb/schema/schema_query.c
++++ b/source4/dsdb/schema/schema_query.c
+@@ -52,7 +52,9 @@ static int strcasecmp_with_ldb_val(const struct ldb_val *target, const char *str
+ 			}
+ 			return 1;
+ 		}
+-		return (target->length - len);
++		if (target->length < len) {
++		        return -1;
++		}
+ 	}
+ 	return ret;
+ }
+-- 
+2.27.0
+
diff --git a/samba.spec b/samba.spec
index 5c7cefe84878e76cf01d862ba7ce896ae82b3a93..a74fa9773ae697bd6f64eabcb2064c3d7a0d692c 100644
--- a/samba.spec
+++ b/samba.spec
@@ -49,7 +49,7 @@
 
 Name:           samba
 Version:        4.17.5
-Release:        12
+Release:        13
 
 Summary:        A suite for Linux to interoperate with Windows
 License:        GPLv3+ and LGPLv3+
@@ -166,6 +166,7 @@ Patch0096:      backport-0004-CVE-2018-14628.patch
 Patch0097:      backport-0005-CVE-2018-14628.patch
 Patch0098:      backport-0006-CVE-2018-14628.patch
 Patch0099:      remove-sensitive-info.patch
+Patch0100:      backport-0036-dsdb-strcasecmp_with_ldb_val-avoids-overflow.patch
 
 
 BuildRequires: avahi-devel bison dbus-devel docbook-style-xsl e2fsprogs-devel flex gawk gnupg2 gnutls-devel >= 3.4.7 gpgme-devel
@@ -3617,6 +3618,12 @@ fi
 %endif
 
 %changelog
+* Thu Aug 8 2024 zhangyaqi <zhangyaqi@kylinos.cn> - 4.17.5-13
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:s4:dsdb:strcasecmp_with_ldb_val() avoids overflow
+
 * Fri Jan 19 2024 xinghe <xinghe2@h-partners.com> - 4.17.5-12
 - Type:bugfix
 - ID:NA