From dc9c713f01995ee3c00d92231c00abe18542e94e Mon Sep 17 00:00:00 2001
From: Zhang Yaqi
Date: Thu, 8 Aug 2024 19:23:48 +0800
Subject: [PATCH] s4:dsdb:strcasecmp_with_ldb_val() avoids overflow
---
 ...casecmp_with_ldb_val-avoids-overflow.patch | 37 +++++++++++++++++++
 samba.spec | 9 ++++-
 2 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 backport-dsdb-strcasecmp_with_ldb_val-avoids-overflow.patch
diff --git a/backport-dsdb-strcasecmp_with_ldb_val-avoids-overflow.patch b/backport-dsdb-strcasecmp_with_ldb_val-avoids-overflow.patch
new file mode 100644
index 0000000..a405515
--- /dev/null
+++ b/backport-dsdb-strcasecmp_with_ldb_val-avoids-overflow.patch
@@ -0,0 +1,37 @@
+From a00c0ebd090f69f94ce6ba7774a9fc126d7de504 Mon Sep 17 00:00:00 2001
+From: Douglas Bagnall
+Date: Mon, 13 May 2024 11:08:35 +1200
+Subject: [PATCH] s4:dsdb:strcasecmp_with_ldb_val() avoids overflow
+
+Reference: https://git.samba.org/?p=samba.git;a=patch;h=a00c0ebd090f69f94ce6ba7774a9fc126d7de504
+
+In the unlikely event that strlen(str) > INT_MAX, the result could
+have overflowed.
+
+This is not a sort transitivity issue, as this is not a symmetric sort
+comparison, but it would affect binary search reliability.
+
+Signed-off-by: Douglas Bagnall
+Reviewed-by: Andrew Bartlett
+---
+ source4/dsdb/schema/schema_query.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/source4/dsdb/schema/schema_query.c b/source4/dsdb/schema/schema_query.c
+index fc34764..2197aea 100644
+--- a/source4/dsdb/schema/schema_query.c
++++ b/source4/dsdb/schema/schema_query.c
+@@ -52,7 +52,9 @@ static int strcasecmp_with_ldb_val(const struct ldb_val *target, const char *str
+ }
+ return 1;
+ }
+- return (target->length - len);
++ if (target->length < len) {
++ return -1;
++ }
+ }
+ return ret;
+ }
+--
+2.27.0
+
diff --git a/samba.spec b/samba.spec
index 3fb7666..cda695e 100644
--- a/samba.spec
+++ b/samba.spec
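Review bot: The equal-length case in the backported `strcasecmp_with_ldb_val()` hunk is now handled only implicitly. When `target->length` is neither greater nor less than `len`, control leaves the inner block and reaches `return ret;`, which appears to be 0 on this path, although the enclosing condition and the function's opening lines are outside the hunk. A one-line comment after the new `if (target->length < len)` block, for example `/* lengths equal and prefix matched: fall through, ret is 0 */`, would make that intent explicit. It would also discourage a later edit from bringing back a `size_t` difference truncated to `int`. Because this file is a verbatim upstream backport, the comment is better proposed upstream than patched in locally.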
@@ -49,7 +49,7 @@ Name: samba Version: 4.15.3 -Release: 26 +Release: 27 Summary: A suite for Linux to interoperate with Windows License: GPLv3+ and LGPLv3+ @@ -334,6 +334,7 @@ Patch264: backport-0004-CVE-2018-14628.patch Patch265: backport-0005-CVE-2018-14628.patch Patch266: backport-0006-CVE-2018-14628.patch Patch267: remove-sensitive-info.patch +Patch268: backport-dsdb-strcasecmp_with_ldb_val-avoids-overflow.patch BuildRequires: avahi-devel bison dbus-devel docbook-style-xsl e2fsprogs-devel flex gawk gnupg2 gnutls-devel >= 3.4.7 gpgme-devel @@ -3665,6 +3666,12 @@ fi %endif %changelog +* Thu Aug 8 2024 zhangyaqi - 4.15.3-27 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:s4:dsdb:strcasecmp_with_ldb_val() avoids overflow + * Fri Jan 19 2024 xinghe - 4.15.3-26 - Type:bugfix - ID:NA -- Gitee