Closed Bug 602920 Opened 9 years ago Closed 9 years ago
Use ASLR in LDAP C SDK if it's available
CERT (INFO#335902) reported to security@ that the following DLLs were not being protected by ASLR in Thunderbird: * nsldap32v60.dll * nsldappr32v60.dll * nsldif32v60.dll This might affect SeaMonkey as well. directory/c-sdk/configure.in lives in CVS and is pulled into comm-central via a CVS tag. It seems to have its origins from NSPR, so probably can use a similar fix as NSPR in order to get this working.
Summary: Use ASLR in LDAP C-SDK if it's available → Use ASLR in LDAP C SDK if it's available
Assignee: nobody → khuey
Status: NEW → ASSIGNED
Comment on attachment 482088 [details] [diff] [review] Patch Please use the actual code that nsprpub/configure.in is using... I think you used some code from one of the patches on the bug, which isn't the final version of what works. >+ if test "$_CC_MAJOR_VERSION" = "14"; then -eq >+ elif test $_CC_MAJOR_VERSION -gt 15; then -ge Probably should standardize on "$var" vs. $var, but that's a problem elsewhere, as well. I prefer "$var", as spaces could break something easily, so it's better to account for them always, even when they aren't expected.
Attachment #482088 - Flags: review-
Marking "blocking needed" so any branch approval request on a patch gets quicker notice.
I copied and pasted this time.
9 years ago
Attachment #484592 - Flags: review?(reed) → review?(bugzilla)
Comment on attachment 484592 [details] [diff] [review] Patch [Checked in: Comment 6] I've tested this and it seems to work fine. This should probably get an ok from Rich as well. (Note that ldap is now in Mercurial, so we'll need to land this there when it gets approval, but I can manage that if you want as we'll need to land it in special places).
Landed on default http://hg.mozilla.org/projects/ldap-sdks/rev/59843de7769c Please propagate this to any other tags it needs to go on, my knowledge of LDAP's release processes is non-existent.
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
comm-central's client.py has the following: # LDAPSDKS 'LDAPSDKS_REPO': 'http://hg.mozilla.org/projects/ldap-sdks/', 'LDAPSDKS_REV': 'LDAPCSDK_6_0_6D_MOZILLA_RTM', Need to create a new tag and update client.py to pull the right one.
(In reply to comment #7) > comm-central's client.py has the following: > # LDAPSDKS > 'LDAPSDKS_REPO': 'http://hg.mozilla.org/projects/ldap-sdks/', > 'LDAPSDKS_REV': 'LDAPCSDK_6_0_6D_MOZILLA_RTM', > > Need to create a new tag and update client.py to pull the right one. Yep, I'll manage all of that.
(there's other things I need to address as well to get it right).
Bah I bet my editor screwed up tabs.
Comment on attachment 501133 [details] [diff] [review] (Bv1) Fix version check, And indentation [Checked in: Comment 12] http://hg.mozilla.org/projects/ldap-sdks/rev/d8ba98779eb3
Attachment #501133 - Attachment description: (Bv1) Fix version check, And indentation → (Bv1) Fix version check, And indentation [Checked in: Comment 12]
Attachment #484592 - Attachment description: Patch → Patch [Checked in: Comment 6]
FTR Bug 623497 is updating trunk to use a new version of LDAP c-sdk and hence picking this up there. Bug 623498 is picking this up on the branches for Thunderbird and SeaMonkey.
I've now landed these patches in cvs and in ldap: 2011-01-17 03:31 bugzilla%standard8.plus.com mozilla/directory/c-sdk/configure 220.127.116.11 LDAPCSDK_6_0_6D_BRANCH 67/48 Bug 602920 Use ASLR in LDAP C SDK if it's available. p=Kyle Huey <firstname.lastname@example.org>,r=Standard8,r=richm 2011-01-17 03:23 bugzilla%standard8.plus.com mozilla/directory/c-sdk/configure.in 18.104.22.168 LDAPCSDK_6_0_6D_BRANCH 25/3 http://hg.mozilla.org/projects/ldap-sdks/rev/1ecd9e38ee28 They are both tagged LDAPCSDK_6_0_6E_MOZILLA_RTM Bug 623498 will handle the necessary client.py changes.
Branch fields aren't really relevant in this product, fixed on the right branches with bug 623498
You need to log in before you can comment on or make changes to this bug.