From 2041c05d9b41fb0255c3492d118628c14a0c4b3d Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 5 May 2020 12:55:57 +1200
Subject: [PATCH 02/22] CVE-2020-10730: vlv: Do not re-ASQ search the results
of an ASQ search with VLV
This is a silly combination, but at least try and keep the results sensible
and avoid a double-dereference.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
---
source4/dsdb/samdb/ldb_modules/vlv_pagination.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
index 31e64b4bd78..d58a62482c9 100644
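--- a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
+++ b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
@@ -682,10 +682,21 @@ vlv_copy_down_controls(TALLOC_CTX *mem_ctx, struct ldb_control **controls)
 if (control->oid == NULL) {
 break;
 }
+ /*
+ * Do not re-use VLV, nor the server-sort, both are
+ * already handled here.
+ */
 if (strcmp(control->oid, LDB_CONTROL_VLV_REQ_OID) == 0 ||
 strcmp(control->oid, LDB_CONTROL_SERVER_SORT_OID) == 0) {
 continue;
 }
+ /*
+ * ASQ changes everything, do not copy it down for the
+ * per-GUID search
+ */
+ if (strcmp(control->oid, LDB_CONTROL_ASQ_OID) == 0) {
+ continue;
+ }
 new_controls[j] = talloc_steal(new_controls, control);
 j++;
 }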
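Review bot: The filter in this loop of vlv_copy_down_controls() is a deny-list, so every control whose OID is not named here is still moved onto the per-GUID search by `talloc_steal(new_controls, control)`; the new ASQ branch closes one combination, but any other client-supplied control that reshapes the search would pass through the same way. It would be safer to keep the skipped OIDs in one `static const char * const` table checked by a single loop, or to invert the test into an allow-list of controls known to be safe on the per-GUID lookup. The comment "ASQ changes everything" does not tell a later reader what breaks; something like `/* ASQ redirects the search to the objects named by an attribute; re-applying it to the per-GUID search would dereference the results a second time */` would record the reason given in the commit message. The function starts and ends outside the hunk, so the sizing and NULL-termination of `new_controls` cannot be checked from here, and no regression test for the VLV+ASQ combination is visible in this patch of the series.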
--
2.17.1