packages/samba
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
samba/backport-0007-CVE-2022-32746.patch

54 lines
2.0 KiB
Diff
Raw Blame History

From 535b5a366a2ad054f729e57e282e402cf13b2efc Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Tue, 14 Jun 2022 19:49:19 +1200
Subject: [PATCH 07/99] CVE-2022-32746 s4/dsdb/repl_meta_data: Use
LDB_FLAG_MOD_TYPE() for flags equality check
Now unrelated flags will no longer affect the result.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
---
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index ab506cec488..29ffda75c87 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -3525,7 +3525,7 @@ static int replmd_modify(struct ldb_module *module, struct ldb_request *req)
return ldb_module_operr(module);
}
- if (req->op.mod.message->elements[0].flags != LDB_FLAG_MOD_REPLACE) {
+ if (LDB_FLAG_MOD_TYPE(req->op.mod.message->elements[0].flags) != LDB_FLAG_MOD_REPLACE) {
return ldb_module_operr(module);
}
@@ -3558,11 +3558,11 @@ static int replmd_modify(struct ldb_module *module, struct ldb_request *req)
return ldb_module_operr(module);
}
- if (req->op.mod.message->elements[0].flags != LDB_FLAG_MOD_DELETE) {
+ if (LDB_FLAG_MOD_TYPE(req->op.mod.message->elements[0].flags) != LDB_FLAG_MOD_DELETE) {
return ldb_module_operr(module);
}
- if (req->op.mod.message->elements[1].flags != LDB_FLAG_MOD_ADD) {
+ if (LDB_FLAG_MOD_TYPE(req->op.mod.message->elements[1].flags) != LDB_FLAG_MOD_ADD) {
return ldb_module_operr(module);
}
@@ -3645,7 +3645,7 @@ static int replmd_modify(struct ldb_module *module, struct ldb_request *req)
return ldb_module_operr(module);
}
- if (msg->elements[0].flags != LDB_FLAG_MOD_ADD) {
+ if (LDB_FLAG_MOD_TYPE(msg->elements[0].flags) != LDB_FLAG_MOD_ADD) {
talloc_free(ac);
return ldb_module_operr(module);
}
--
2.25.1
Reference in New Issue View Git Blame Copy Permalink