Closed Bug 602920 Opened 9 years ago Closed 9 years ago

Use ASLR in LDAP C SDK if it's available

Categories

(Directory :: LDAP C SDK, defect)

x86
Windows Vista
defect
Not set

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: reed, Assigned: khuey)

References

(Blocks 1 open bug)

Details

(Whiteboard: [sg:want][tb31wants])

Attachments

(2 files, 1 obsolete file)

CERT (INFO#335902) reported to security@ that the following DLLs were not being protected by ASLR in Thunderbird:
* nsldap32v60.dll
* nsldappr32v60.dll
* nsldif32v60.dll

This might affect SeaMonkey as well.

directory/c-sdk/configure.in lives in CVS and is pulled into comm-central via a CVS tag. It seems to have its origins from NSPR, so probably can use a similar fix as NSPR in order to get this working.
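One way to verify the report against built binaries, as an added example that is not part of this bug or of the LDAP C SDK: a Python check of the PE header's DYNAMIC_BASE bit, which is what marks a DLL as opted in to ASLR. The function names and the header produced by `make_pe_header` are constructed for illustration.

```python
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001             # COFF Characteristics bit
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # set by the linker's /DYNAMICBASE


def aslr_status(image: bytes) -> str:
    """Classify a PE image: 'aslr', 'no-dynamicbase', 'relocs-stripped' or 'not-pe'."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        return "not-pe"
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)   # e_lfanew
    opt_off = pe_off + 4 + 20                           # signature + COFF header
    if len(image) < opt_off + 72 or image[pe_off:pe_off + 4] != b"PE\0\0":
        return "not-pe"
    (coff_flags,) = struct.unpack_from("<H", image, pe_off + 4 + 18)
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B):                     # PE32 / PE32+
        return "not-pe"
    # DllCharacteristics sits at offset 70 of the optional header in both layouts.
    (dll_flags,) = struct.unpack_from("<H", image, opt_off + 70)
    if not dll_flags & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        return "no-dynamicbase"
    if coff_flags & IMAGE_FILE_RELOCS_STRIPPED:
        return "relocs-stripped"   # opted in, but the loader cannot rebase it
    return "aslr"


def make_pe_header(dll_flags: int, coff_flags: int = 0x2102) -> bytes:
    """Constructed sample: the minimal PE32 headers that aslr_status() reads."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 96, coff_flags)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_flags)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:   # e.g. the three DLLs named in the report
        with open(path, "rb") as fh:
            print(path, aslr_status(fh.read(4096)))
```

Run against the DLLs from a build before and after the configure change, the result should move from no-dynamicbase to aslr.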
Summary: Use ASLR in LDAP C-SDK if it's available → Use ASLR in LDAP C SDK if it's available
Assignee: nobody → khuey
Status: NEW → ASSIGNED
Comment on attachment 482088 [details] [diff] [review]
Patch

Please use the actual code that nsprpub/configure.in is using... I think you used some code from one of the patches on the bug, which isn't the final version of what works.
>+        if test "$_CC_MAJOR_VERSION" = "14"; then

-eq

>+        elif test $_CC_MAJOR_VERSION -gt 15; then
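
Review bot: The elif line leaves $_CC_MAJOR_VERSION unquoted, so an empty or unset value turns the expression into "test -gt 15", which is an error from test rather than a clean false; quote it the way the if line does. Separately, the two conditions together (= "14" and -gt 15) leave a major version of exactly 15 matching neither branch; if 15 is meant to take the second path, the comparison needs to be -ge 15.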

-ge

Probably should standardize on "$var" vs. $var, but that's a problem elsewhere, as well. I prefer "$var", as spaces could break something easily, so it's better to account for them always, even when they aren't expected.
Attachment #482088 - Flags: review-
Marking "blocking needed" so any branch approval request on a patch gets quicker notice.
blocking1.9.1: --- → needed
blocking1.9.2: --- → needed
I copied and pasted this time.
Attachment #482088 - Attachment is obsolete: true
Attachment #484592 - Flags: review?(reed)
Whiteboard: [sg:want] → [sg:want][tb31wants]
Attachment #484592 - Flags: review?(reed) → review?(bugzilla)
Comment on attachment 484592 [details] [diff] [review]
Patch
[Checked in: Comment 6]

I've tested this and it seems to work fine. This should probably get an ok from Rich as well.

(Note that ldap is now in Mercurial, so we'll need to land this there when it gets approval, but I can manage that if you want as we'll need to land it in special places).
Attachment #484592 - Flags: review?(richm)
Attachment #484592 - Flags: review?(bugzilla)
Attachment #484592 - Flags: review+
Attachment #484592 - Flags: review?(richm) → review+
Landed on default

http://hg.mozilla.org/projects/ldap-sdks/rev/59843de7769c

Please propagate this to any other tags it needs to go on; my knowledge of LDAP's release processes is non-existent.
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
comm-central's client.py has the following:
  # LDAPSDKS
  'LDAPSDKS_REPO': 'http://hg.mozilla.org/projects/ldap-sdks/',
  'LDAPSDKS_REV': 'LDAPCSDK_6_0_6D_MOZILLA_RTM',

Need to create a new tag and update client.py to pull the right one.
(In reply to comment #7)
> comm-central's client.py has the following:
>   # LDAPSDKS
>   'LDAPSDKS_REPO': 'http://hg.mozilla.org/projects/ldap-sdks/',
>   'LDAPSDKS_REV': 'LDAPCSDK_6_0_6D_MOZILLA_RTM',
> 
> Need to create a new tag and update client.py to pull the right one.

Yep, I'll manage all of that.
(there's other things I need to address as well to get it right).
Depends on: 610936
Bah I bet my editor screwed up tabs.
Attachment #501133 - Flags: review?(richm) → review+
No longer depends on: 610936
Comment on attachment 501133 [details] [diff] [review]
(Bv1) Fix version check, And indentation
[Checked in: Comment 12]

http://hg.mozilla.org/projects/ldap-sdks/rev/d8ba98779eb3
Attachment #501133 - Attachment description: (Bv1) Fix version check, And indentation → (Bv1) Fix version check, And indentation [Checked in: Comment 12]
Attachment #484592 - Attachment description: Patch → Patch [Checked in: Comment 6]
Blocks: 623498
FTR Bug 623497 is updating trunk to use a new version of LDAP c-sdk and hence picking this up there.

Bug 623498 is picking this up on the branches for Thunderbird and SeaMonkey.
I've now landed these patches in cvs and in ldap:

2011-01-17 03:31	bugzilla%standard8.plus.com 	mozilla/directory/c-sdk/configure 	5.80.2.1 	LDAPCSDK_6_0_6D_BRANCH  	67/48  	Bug 602920 Use ASLR in LDAP C SDK if it's available. p=Kyle Huey <khuey@kylehuey.com>,r=Standard8,r=richm
2011-01-17 03:23	bugzilla%standard8.plus.com 	mozilla/directory/c-sdk/configure.in 	5.74.2.1 	LDAPCSDK_6_0_6D_BRANCH  	25/3 

http://hg.mozilla.org/projects/ldap-sdks/rev/1ecd9e38ee28

They are both tagged LDAPCSDK_6_0_6E_MOZILLA_RTM

Bug 623498 will handle the necessary client.py changes.
Branch fields aren't really relevant in this product, fixed on the right branches with bug 623498
blocking1.9.1: needed → ---
blocking1.9.2: needed → ---