From f72090064bd674ea3a6d6b2e7556a9a85bb01df6 Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Thu, 26 Aug 2021 13:53:23 +1200
Subject: [PATCH] CVE-2021-3670 ldap_server: Set timeout on requests based on
 MaxQueryDuration

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 86fe9d48883f87c928bf31ccbd275db420386803)
---
 source4/ldap_server/ldap_backend.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index e19f82cf5dfa..c7405f666437 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -869,7 +869,17 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
 		}
 	}
 
-	ldb_set_timeout(samdb, lreq, req->timelimit);
+	{
+		time_t timeout = call->conn->limits.search_timeout;
+
+		if (timeout == 0
+		    || (req->timelimit != 0
+			&& req->timelimit < timeout))
+		{
+			timeout = req->timelimit;
+		}
+		ldb_set_timeout(samdb, lreq, timeout);
+	}
 
 	if (!call->conn->is_privileged) {
 		ldb_req_mark_untrusted(lreq);