author | robot-contrib <robot-contrib@yandex-team.com> | 2024-02-13 07:58:30 +0300 |
---|---|---|
committer | Daniil Cherednik <dcherednik@ydb.tech> | 2024-02-14 14:26:36 +0000 |
commit | a1c2fd9f4ef13bb1619d2821c479f4f6cb1387ad (patch) | |
tree | cd4ad59de9d85baca7a4e7a4b0d1f6472fc4af76 /contrib/libs/openldap/libraries/libldap | |
parent | d604fdad9dea3042407131b8115fb8a0c943cd11 (diff) | |
download | ydb-a1c2fd9f4ef13bb1619d2821c479f4f6cb1387ad.tar.gz |
Update contrib/libs/openldap to 2.6.7
Diffstat (limited to 'contrib/libs/openldap/libraries/libldap')
-rw-r--r-- | contrib/libs/openldap/libraries/libldap/getdn.c | 8 | ||||
-rw-r--r-- | contrib/libs/openldap/libraries/libldap/init.c | 3 | ||||
-rw-r--r-- | contrib/libs/openldap/libraries/libldap/open.c | 1 | ||||
-rw-r--r-- | contrib/libs/openldap/libraries/libldap/tls2.c | 14 | ||||
-rw-r--r-- | contrib/libs/openldap/libraries/libldap/tls_o.c | 18 | ||||
-rw-r--r-- | contrib/libs/openldap/libraries/libldap/url.c | 4 | ||||
-rw-r--r-- | contrib/libs/openldap/libraries/libldap/util-int.c | 174 | ||||
-rw-r--r-- | contrib/libs/openldap/libraries/libldap/version.c | 2 |
8 files changed, 92 insertions, 132 deletions
diff --git a/contrib/libs/openldap/libraries/libldap/getdn.c b/contrib/libs/openldap/libraries/libldap/getdn.c index 617059621f..7d8b52f1e4 100644 --- a/contrib/libs/openldap/libraries/libldap/getdn.c +++ b/contrib/libs/openldap/libraries/libldap/getdn.c @@ -2562,6 +2562,8 @@ rdn2strlen( LDAPRDN rdn, unsigned flags, ber_len_t *len, l += vl; } } + if ( !iAVA ) + return( -1 ); /* RDN ::= SET SIZE (1..MAX) OF AVA */ *len = l; @@ -2635,6 +2637,8 @@ rdn2DCEstrlen( LDAPRDN rdn, unsigned flags, ber_len_t *len ) l += vl; } } + if ( !iAVA ) + return( -1 ); /* RDN ::= SET SIZE (1..MAX) OF AVA */ *len = l; @@ -2716,6 +2720,8 @@ rdn2UFNstrlen( LDAPRDN rdn, unsigned flags, ber_len_t *len ) l += vl; } } + if ( !iAVA ) + return( -1 ); /* RDN ::= SET SIZE (1..MAX) OF AVA */ *len = l; @@ -2794,6 +2800,8 @@ rdn2ADstrlen( LDAPRDN rdn, unsigned flags, ber_len_t *len ) l += vl; } } + if ( !iAVA ) + return( -1 ); /* RDN ::= SET SIZE (1..MAX) OF AVA */ *len = l; diff --git a/contrib/libs/openldap/libraries/libldap/init.c b/contrib/libs/openldap/libraries/libldap/init.c index 3a81790dcf..b9915533bd 100644 --- a/contrib/libs/openldap/libraries/libldap/init.c +++ b/contrib/libs/openldap/libraries/libldap/init.c @@ -544,9 +544,6 @@ ldap_int_destroy_global_options(void) gopts->ldo_def_sasl_authcid = NULL; } #endif -#ifdef HAVE_TLS - ldap_int_tls_destroy( gopts ); -#endif } /* diff --git a/contrib/libs/openldap/libraries/libldap/open.c b/contrib/libs/openldap/libraries/libldap/open.c index bfdbb2575d..93720ebc91 100644 --- a/contrib/libs/openldap/libraries/libldap/open.c +++ b/contrib/libs/openldap/libraries/libldap/open.c @@ -543,6 +543,7 @@ ldap_int_open_connection( LDAP_MUTEX_UNLOCK( &lo->ldo_mutex ); } ber_int_sb_close( conn->lconn_sb ); + ber_int_sb_destroy( conn->lconn_sb ); return -1; } } diff --git a/contrib/libs/openldap/libraries/libldap/tls2.c b/contrib/libs/openldap/libraries/libldap/tls2.c index dff845bc10..4bfc346c70 100644 --- a/contrib/libs/openldap/libraries/libldap/tls2.c 
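Review bot: In getdn.c, the new `if ( !iAVA ) return( -1 );` guard in rdn2strlen (repeated in rdn2DCEstrlen, rdn2UFNstrlen and rdn2ADstrlen) returns before `*len = l;`, so `*len` is left unwritten on the empty-RDN path and nothing documents that. A short comment above each guard would make the contract explicit, for example `/* empty RDN is invalid: fail without writing *len */`. The callers are outside these hunks, so it is worth confirming that each one checks the return value before reading the length. All four function bodies start and end outside their hunks.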
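Review bot: In open.c, the error path of ldap_int_open_connection now calls `ber_int_sb_destroy( conn->lconn_sb )` but leaves `conn->lconn_sb` pointing at the torn-down sockbuf, and the hunk does not show what the caller does with `conn` after `return -1`. If the caller retries with another URL or frees the sockbuf itself, this is only safe when ber_int_sb_destroy leaves the object in a state that tolerates a second close or destroy; that is presumably the case but is not visible here. Once confirmed, a comment at the call such as `/* sb is reset, not freed; caller still owns conn->lconn_sb */` would record the invariant. The function body starts and ends outside the hunk.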
+++ b/contrib/libs/openldap/libraries/libldap/tls2.c @@ -160,6 +160,14 @@ ldap_pvt_tls_destroy( void ) tls_imp->ti_tls_destroy(); } +static void +ldap_exit_tls_destroy( void ) +{ + struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT(); + + ldap_int_tls_destroy( lo ); +} + /* * Initialize a particular TLS implementation. * Called once per implementation. @@ -168,6 +176,7 @@ static int tls_init(tls_impl *impl, int do_threads ) { static int tls_initialized = 0; + int rc; if ( !tls_initialized++ ) { #ifdef LDAP_R_COMPILE @@ -183,7 +192,10 @@ tls_init(tls_impl *impl, int do_threads ) #endif } - return impl->ti_tls_init(); + rc = impl->ti_tls_init(); + + atexit( ldap_exit_tls_destroy ); + return rc; } /* diff --git a/contrib/libs/openldap/libraries/libldap/tls_o.c b/contrib/libs/openldap/libraries/libldap/tls_o.c index 8f1d84efa1..6847ef33b4 100644 --- a/contrib/libs/openldap/libraries/libldap/tls_o.c +++ b/contrib/libs/openldap/libraries/libldap/tls_o.c @@ -296,7 +296,7 @@ tlso_stecpy( char *dst, const char *src, const char *end ) * Try to find any TLS1.3 ciphers in the given list of suites. */ static void -tlso_ctx_cipher13( tlso_ctx *ctx, char *suites ) +tlso_ctx_cipher13( tlso_ctx *ctx, char *suites, char **oldsuites ) { char tls13_suites[1024], *ts = tls13_suites, *te = tls13_suites + sizeof(tls13_suites); char *ptr, *colon, *nptr; @@ -305,6 +305,8 @@ tlso_ctx_cipher13( tlso_ctx *ctx, char *suites ) SSL *s = SSL_new( ctx ); int ret; + *oldsuites = NULL; + if ( !s ) return; @@ -336,8 +338,15 @@ tlso_ctx_cipher13( tlso_ctx *ctx, char *suites ) if ( tls13_suites[0] ) ts = tlso_stecpy( ts, ":", te ); ts = tlso_stecpy( ts, nptr, te ); + } else if (! *oldsuites) { + /* should never happen, set_ciphersuites should + * only succeed for TLSv1.3 and above + */ + *oldsuites = ptr; } } + } else if (! *oldsuites) { + *oldsuites = ptr; } if ( !colon || ts >= te ) break; 
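Review bot: In tls2.c tls_init, `atexit( ldap_exit_tls_destroy )` is called whether or not `impl->ti_tls_init()` succeeded, and its own return value is ignored. Assuming 0 means success, registering only then keeps the exit handler from running against a TLS layer that never came up: `if ( rc == 0 ) atexit( ldap_exit_tls_destroy );`. Part of tls_init between the first `#endif` block and the `return` is outside the hunks, so it is not visible whether a per-implementation guard already limits this to one registration; if not, every call adds another handler. An exit handler that lives in a shared library is also a hazard when the library can be unloaded before process exit, which deserves a comment on ldap_exit_tls_destroy.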
@@ -417,10 +426,11 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server, char * } if ( lo->ldo_tls_ciphersuite ) { + char *oldsuites = lt->lt_ciphersuite; #if OPENSSL_VERSION_NUMBER >= 0x10101000 - tlso_ctx_cipher13( ctx, lt->lt_ciphersuite ); + tlso_ctx_cipher13( ctx, lt->lt_ciphersuite, &oldsuites ); #endif - if ( !SSL_CTX_set_cipher_list( ctx, lt->lt_ciphersuite ) ) + if ( oldsuites && !SSL_CTX_set_cipher_list( ctx, oldsuites ) ) { Debug1( LDAP_DEBUG_ANY, "TLS: could not set cipher list %s.\n", @@ -553,7 +563,7 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server, char * if ( is_server && lo->ldo_tls_dhfile ) { #if OPENSSL_VERSION_MAJOR >= 3 EVP_PKEY *dh; -#define bio_params( bio, dh ) dh = PEM_read_bio_Parameters( bio, &dh ) +#define bio_params( bio, dh ) dh = PEM_read_bio_Parameters( bio, NULL ) #else DH *dh; #define bio_params( bio, dh ) dh = PEM_read_bio_DHparams( bio, NULL, NULL, NULL ) diff --git a/contrib/libs/openldap/libraries/libldap/url.c b/contrib/libs/openldap/libraries/libldap/url.c index 493fd7ce47..a56af3093c 100644 --- a/contrib/libs/openldap/libraries/libldap/url.c +++ b/contrib/libs/openldap/libraries/libldap/url.c @@ -867,6 +867,10 @@ ldap_url_parse_ext( LDAP_CONST char *url_in, LDAPURLDesc **ludpp, unsigned flags } if ( enclosed ) { + if ( ! *url ) { + LDAP_FREE( url ); + return LDAP_URL_ERR_BADENCLOSURE; + } p = &url[strlen(url)-1]; if( *p != '>' ) { diff --git a/contrib/libs/openldap/libraries/libldap/util-int.c b/contrib/libs/openldap/libraries/libldap/util-int.c index 57c6523381..7cab9ea3e5 100644 --- a/contrib/libs/openldap/libraries/libldap/util-int.c +++ b/contrib/libs/openldap/libraries/libldap/util-int.c 
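Review bot: In tls_o.c tlso_ctx_init, `SSL_CTX_set_cipher_list` is now skipped whenever tlso_ctx_cipher13 leaves `oldsuites` NULL, and that includes the early `if ( !s ) return;` path in the earlier hunk, where SSL_new failed and nothing was parsed. On that path the configured suite string is silently not applied and the context keeps the library's default ciphers, with no Debug message. The same skip happens when the string holds only TLS 1.3 names, which appears to be the purpose of the change, but it means TLS 1.2 and below keep default ciphers unless a minimum protocol version is enforced elsewhere. Moving `*oldsuites = NULL;` below `if ( !s ) return;` in tlso_ctx_cipher13 would preserve the previous behaviour on allocation failure, and a comment on the TLS 1.3-only case would help operators. Both function bodies extend outside their hunks.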
@@ -182,116 +182,65 @@ static int _ldap_pvt_gt_subs; * This is pretty clunky. */ static LARGE_INTEGER _ldap_pvt_gt_freq; -static LARGE_INTEGER _ldap_pvt_gt_prev; -static int _ldap_pvt_gt_offset; +static LARGE_INTEGER _ldap_pvt_gt_start_count; +static long _ldap_pvt_gt_start_sec; +static long _ldap_pvt_gt_start_nsec; +static double _ldap_pvt_gt_nanoticks; #define SEC_TO_UNIX_EPOCH 11644473600LL #define TICKS_PER_SECOND 10000000 #define BILLION 1000000000L static int -ldap_pvt_gettimensec(int *sec) +ldap_pvt_gettimensec(long *sec) { LARGE_INTEGER count; + LARGE_INTEGER freq; + int nsec; - QueryPerformanceCounter( &count ); - - /* It shouldn't ever go backwards, but multiple CPUs might - * be able to hit in the same tick. - */ - LDAP_MUTEX_LOCK( &ldap_int_gettime_mutex ); + QueryPerformanceFrequency( &freq ); /* We assume Windows has at least a vague idea of * when a second begins. So we align our nanosecond count - * with the Windows millisecond count using this offset. - * We retain the submillisecond portion of our own count. - * - * Note - this also assumes that the relationship between - * the PerformanceCounter and SystemTime stays constant; - * that assumption breaks if the SystemTime is adjusted by - * an external action. + * with the Windows millisecond count. 
*/ - if ( !_ldap_pvt_gt_freq.QuadPart ) { - LARGE_INTEGER c2; + if ( freq.QuadPart != _ldap_pvt_gt_freq.QuadPart ) { ULARGE_INTEGER ut; FILETIME ft0, ft1; - long long t; - int nsec; - - /* Initialize our offset */ - QueryPerformanceFrequency( &_ldap_pvt_gt_freq ); - + /* initialize */ + LDAP_MUTEX_LOCK( &ldap_int_gettime_mutex ); /* Wait for a tick of the system time: 10-15ms */ GetSystemTimeAsFileTime( &ft0 ); do { GetSystemTimeAsFileTime( &ft1 ); } while ( ft1.dwLowDateTime == ft0.dwLowDateTime ); + QueryPerformanceCounter( &_ldap_pvt_gt_start_count ); ut.LowPart = ft1.dwLowDateTime; ut.HighPart = ft1.dwHighDateTime; - QueryPerformanceCounter( &c2 ); - - /* get second and fraction portion of counter */ - t = c2.QuadPart % (_ldap_pvt_gt_freq.QuadPart*10); - - /* convert to nanoseconds */ - t *= BILLION; - nsec = t / _ldap_pvt_gt_freq.QuadPart; - - ut.QuadPart /= 10; - ut.QuadPart %= (10 * BILLION); - _ldap_pvt_gt_offset = nsec - ut.QuadPart; - count = c2; + _ldap_pvt_gt_start_nsec = ut.QuadPart % TICKS_PER_SECOND * 100; + _ldap_pvt_gt_start_sec = ut.QuadPart / TICKS_PER_SECOND - SEC_TO_UNIX_EPOCH; + _ldap_pvt_gt_freq = freq; + _ldap_pvt_gt_nanoticks = (double)BILLION / freq.QuadPart; + LDAP_MUTEX_UNLOCK( &ldap_int_gettime_mutex ); } - if ( count.QuadPart <= _ldap_pvt_gt_prev.QuadPart ) { - _ldap_pvt_gt_subs++; - } else { - _ldap_pvt_gt_subs = 0; - _ldap_pvt_gt_prev = count; + QueryPerformanceCounter( &count ); + count.QuadPart -= _ldap_pvt_gt_start_count.QuadPart; + *sec = _ldap_pvt_gt_start_sec + count.QuadPart / freq.QuadPart; + nsec = _ldap_pvt_gt_start_nsec + (double)(count.QuadPart % freq.QuadPart) * _ldap_pvt_gt_nanoticks; + if ( nsec > BILLION) { + nsec -= BILLION; + (*sec)++; } - LDAP_MUTEX_UNLOCK( &ldap_int_gettime_mutex ); - - /* convert to nanoseconds */ - count.QuadPart %= _ldap_pvt_gt_freq.QuadPart*10; - count.QuadPart *= BILLION; - count.QuadPart /= _ldap_pvt_gt_freq.QuadPart; - count.QuadPart -= _ldap_pvt_gt_offset; - - /* We've extracted the 1s and 
nanoseconds. - * The 1sec digit is used to detect wraparound in nanosecnds. - */ - if (count.QuadPart < 0) - count.QuadPart += (10 * BILLION); - else if (count.QuadPart >= (10 * BILLION)) - count.QuadPart -= (10 * BILLION); - - *sec = count.QuadPart / BILLION; - return count.QuadPart % BILLION; + return nsec; } - /* emulate POSIX clock_gettime */ int ldap_pvt_clock_gettime( int clk_id, struct timespec *tv ) { - FILETIME ft; - ULARGE_INTEGER ut; - int sec, sec0; - - GetSystemTimeAsFileTime( &ft ); - ut.LowPart = ft.dwLowDateTime; - ut.HighPart = ft.dwHighDateTime; - - /* convert to sec */ - ut.QuadPart /= TICKS_PER_SECOND; - - tv->tv_nsec = ldap_pvt_gettimensec(&sec); - tv->tv_sec = ut.QuadPart - SEC_TO_UNIX_EPOCH; - - /* check for carry from microseconds */ - sec0 = tv->tv_sec % 10; - if (sec0 < sec || (sec0 == 9 && !sec)) - tv->tv_sec++; - + long sec; + tv->tv_nsec = ldap_pvt_gettimensec( &sec ); + tv->tv_sec = sec; return 0; } @@ -306,6 +255,8 @@ ldap_pvt_gettimeofday( struct timeval *tv, void *unused ) return 0; } +static long _ldap_pvt_gt_prevsec; +static int _ldap_pvt_gt_prevnsec; /* return a broken out time, with nanoseconds */ @@ -313,17 +264,18 @@ void ldap_pvt_gettime( struct lutil_tm *tm ) { SYSTEMTIME st; - int sec, sec0; - static const char daysPerMonth[] = { - 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}; + LARGE_INTEGER ft; + long sec; - GetSystemTime( &st ); + /* Convert sec/nsec to Windows FILETIME, + * then turn that into broken out SYSTEMTIME */ tm->tm_nsec = ldap_pvt_gettimensec(&sec); - tm->tm_usub = _ldap_pvt_gt_subs; + ft.QuadPart = sec; + ft.QuadPart += SEC_TO_UNIX_EPOCH; + ft.QuadPart *= TICKS_PER_SECOND; + ft.QuadPart += tm->tm_nsec / 100; + FileTimeToSystemTime( (FILETIME *)&ft, &st ); - /* any difference larger than nanoseconds is - * already reflected in st - */ tm->tm_sec = st.wSecond; tm->tm_min = st.wMinute; tm->tm_hour = st.wHour; 
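Review bot: In util-int.c ldap_pvt_gettimensec, the carry test `if ( nsec > BILLION)` lets `nsec == BILLION` through, so the function can return 1000000000, which is out of range for tv_nsec; it should read `if ( nsec >= BILLION )`. The initialisation is also racy: the `freq.QuadPart != _ldap_pvt_gt_freq.QuadPart` check and the later reads of the `_ldap_pvt_gt_start_*` values and `_ldap_pvt_gt_nanoticks` happen outside ldap_int_gettime_mutex, and `_ldap_pvt_gt_freq = freq;` is stored before `_ldap_pvt_gt_nanoticks`, so another thread can pass the check and compute with a zero multiplier. Taking the mutex around the check, or at least storing `_ldap_pvt_gt_freq` last, would narrow that window. The seconds are carried in `long`, which is 32 bits on Windows, so this path also inherits a 2038 limit.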
@@ -331,42 +283,18 @@ ldap_pvt_gettime( struct lutil_tm *tm ) tm->tm_mon = st.wMonth - 1; tm->tm_year = st.wYear - 1900; - /* check for carry from nanoseconds */ - sec0 = tm->tm_sec % 10; - if (sec0 < sec || (sec0 == 9 && !sec)) { - tm->tm_sec++; - /* FIXME: we don't handle leap seconds */ - if (tm->tm_sec > 59) { - tm->tm_sec = 0; - tm->tm_min++; - if (tm->tm_min > 59) { - tm->tm_min = 0; - tm->tm_hour++; - if (tm->tm_hour > 23) { - int days = daysPerMonth[tm->tm_mon]; - tm->tm_hour = 0; - tm->tm_mday++; - - /* if it's February of a leap year, - * add 1 day to this month - */ - if (tm->tm_mon == 1 && - ((!(st.wYear % 4) && (st.wYear % 100)) || - !(st.wYear % 400))) - days++; - - if (tm->tm_mday > days) { - tm->tm_mday = 1; - tm->tm_mon++; - if (tm->tm_mon > 11) { - tm->tm_mon = 0; - tm->tm_year++; - } - } - } - } - } + LDAP_MUTEX_LOCK( &ldap_int_gettime_mutex ); + if ( tm->tm_sec < _ldap_pvt_gt_prevsec + || ( tm->tm_sec == _ldap_pvt_gt_prevsec + && tm->tm_nsec <= _ldap_pvt_gt_prevnsec )) { + _ldap_pvt_gt_subs++; + } else { + _ldap_pvt_gt_subs = 0; + _ldap_pvt_gt_prevsec = sec; + _ldap_pvt_gt_prevnsec = tm->tm_nsec; } + LDAP_MUTEX_UNLOCK( &ldap_int_gettime_mutex ); + tm->tm_usub = _ldap_pvt_gt_subs; } #else diff --git a/contrib/libs/openldap/libraries/libldap/version.c b/contrib/libs/openldap/libraries/libldap/version.c index fad5f1a830..4346e79546 100644 --- a/contrib/libs/openldap/libraries/libldap/version.c +++ b/contrib/libs/openldap/libraries/libldap/version.c @@ -17,6 +17,6 @@ static const char copyright[] = "COPYING RESTRICTIONS APPLY\n"; static const char __Version[] = -"@(#) $OpenLDAP: libldap.la 2.6.6 (" __DATE__ " " __TIME__ ") $\n" +"@(#) $OpenLDAP: libldap.la 2.6.7 (" __DATE__ " " __TIME__ ") $\n" "\topenldap\n"; |
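Review bot: In util-int.c ldap_pvt_gettime, the new ordering check compares `tm->tm_sec`, which the preceding hunk's context sets from `st.wSecond`, against `_ldap_pvt_gt_prevsec`, which is stored from the epoch-based `sec`. A value from 0 to 59 is always below an epoch count, so after the first call the `_ldap_pvt_gt_subs++` branch is always taken and the previous-time values are never refreshed. The comparison should use `sec`: `if ( sec < _ldap_pvt_gt_prevsec || ( sec == _ldap_pvt_gt_prevsec && tm->tm_nsec <= _ldap_pvt_gt_prevnsec )) {`. In addition, `tm->tm_usub = _ldap_pvt_gt_subs;` is read after LDAP_MUTEX_UNLOCK, so two threads can observe the same counter value; moving that assignment above the unlock closes the gap.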