From 3fd7ce69761fd2e21a85101772196aafc5ae57df Mon Sep 17 00:00:00 2001
|
|
From: Andrew Bartlett <abartlet@samba.org>
|
|
Date: Tue, 5 May 2020 16:34:11 +1200
|
|
Subject: [PATCH 04/22] CVE-2020-10730: vlv: Another workaround for mixing ASQ
|
|
and VLV
|
|
|
|
This is essentially an alternative patch, but without the correct
|
|
behaviour. Instead this just avoids a segfault.
|
|
|
|
Included in case we have something similar again in
|
|
another module.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
|
|
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
|
|
---
|
|
.../dsdb/samdb/ldb_modules/vlv_pagination.c | 19 +++++++++++++++----
|
|
1 file changed, 15 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
|
|
index d58a62482c9..720b5e95638 100644
|
|
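--- a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
+++ b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
@@ -442,10 +442,21 @@ static int vlv_results(struct vlv_context *ac)
 ret = vlv_search_by_dn_guid(ac->module, ac, &result, guid,
 ac->req->op.search.attrs);
 
- if (ret == LDAP_NO_SUCH_OBJECT) {
- /* The thing isn't there, which we quietly
- ignore and go on to send an extra one
- instead. */
+ if (ret == LDAP_NO_SUCH_OBJECT
+ || result->count != 1) {
+ /*
+ * The thing isn't there, which we quietly
+ * ignore and go on to send an extra one
+ * instead.
+ *
+ * result->count == 0 or > 1 can only
+ * happen if ASQ (which breaks all the
+ * rules) is somehow invoked (as this
+ * is a BASE search).
+ *
+ * (We skip the ASQ cookie for the
+ * GUID searches)
+ */
 if (last_i < ac->store->num_entries - 1) {
 last_i++;
 }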
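Review bot: The added `|| result->count != 1` test in vlv_results dereferences `result` for every return code other than LDAP_NO_SUCH_OBJECT. If vlv_search_by_dn_guid fails with a different error and leaves `result` unset or stale from an earlier iteration (its body is not visible here, so this is an assumption to confirm), the condition reads through an invalid pointer before any generic error check can run. Guarding the count with the success case would avoid that: `if (ret == LDAP_NO_SUCH_OBJECT || (ret == LDB_SUCCESS && result->count != 1)) {`. vlv_results starts and ends outside the hunk, so check how the lines after this branch handle other `ret` values.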
|
|
--
|
|
2.17.1
|
|
|