From f9b2267c6eb8138fc94df7a138ad5d87526f1d79 Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Tue, 28 Sep 2021 17:20:43 +1300
Subject: [PATCH] CVE-2021-3670 ldap_server: Ensure value of MaxQueryDuration
 is greater than zero

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit e1ab0c43629686d1d2c0b0b2bcdc90057a792049)
---
 source4/ldap_server/ldap_server.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index 20442ecd9e57..bde2ecfa47f0 100644
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -255,7 +255,9 @@ static int ldapsrv_load_limits(struct ldapsrv_connection *conn)
 			continue;
 		}
 		if (strcasecmp("MaxQueryDuration", policy_name) == 0) {
-			conn->limits.search_timeout = policy_value;
+			if (policy_value > 0) {
+				conn->limits.search_timeout = policy_value;
+			}
 			continue;
 		}
 	}