From 0af7600146dda42beb4c06a197f76ae51156cd21 Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Fri, 28 May 2021 14:15:43 +1200
Subject: [PATCH 006/284] CVE-2020-25718 pyldb: Fix Message.items() for a
Conflict: NA
Reference: https://git.samba.org/samba.git/?p=samba.git;a=patch;h=0af7600146dda42beb4c06a197f76ae51156cd21
message containing elements
Previously, message elements were being freed before the call to
Py_BuildValue(), resulting in an exception being raised. Additionally,
only the first element of the returned list was ever assigned to.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14558
(cherry picked from commit 3e4ec0a90a222c1cff4a91912afc703ca4cbbb0e)
---
lib/ldb/pyldb.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
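diff --git a/lib/ldb/pyldb.c b/lib/ldb/pyldb.c
index 257351b2bc45..df7c5c54eaaa 100644
--- a/lib/ldb/pyldb.c
+++ b/lib/ldb/pyldb.c
@@ -3535,13 +3535,13 @@ static PyObject *py_ldb_msg_items(PyLdbMessageObject *self,
  PyObject *value = NULL;
  PyObject *py_el = PyLdbMessageElement_FromMessageElement(&msg->elements[i], msg->elements);
  int res = 0;
- Py_CLEAR(py_el);
  value = Py_BuildValue("(sO)", msg->elements[i].name, py_el);
+ Py_CLEAR(py_el);
  if (value == NULL ) {
  Py_CLEAR(l);
  return NULL;
  }
- res = PyList_SetItem(l, 0, value);
+ res = PyList_SetItem(l, j, value);
  if (res == -1) {
  Py_CLEAR(l);
  return NULL;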
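Review bot: The result of PyLdbMessageElement_FromMessageElement() goes straight into Py_BuildValue() with no NULL check, so a failed conversion is only caught indirectly by the `value == NULL` test that follows. That works because Py_BuildValue() returns NULL when an `O` argument is NULL, but an explicit `if (py_el == NULL) { Py_CLEAR(l); return NULL; }` before the Py_BuildValue() call would make the error path visible and keep the original exception as the one reported. The index `j` in `PyList_SetItem(l, j, value)` is declared and advanced outside this hunk; it is worth confirming it moves once per element and starts after any entry already stored in the list, since a slot left unset in a pre-sized list stays NULL and is unsafe to hand back to Python. The body of py_ldb_msg_items begins and ends outside the hunk.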
--
2.25.1