CVE-2022-32746 s4:torture: Fix LDB flags comparison

LDB_FLAG_MOD_* values are not actually flags, and the previous comparison was equivalent to (el->flags & LDB_FLAG_MOD_MASK) == 0 which is only true if none of the LDB_FLAG_MOD_* values are set. Correct the expression to what it was probably intended to be. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
author: Joseph Sutton <josephsutton@catalyst.net.nz> 2022-06-21 14:49:51 +1200
committer: Jule Anger <janger@samba.org> 2022-07-24 11:41:53 +0200
commit: 582ac171364f0c28f54eaf4f21b5bfa7569b5233 (patch)
tree: 57aabf1839567902b8bb71782e1deb4d9f5539d6
parent: a68553792a8512a2d266bbb86f064f78b5482a65 (diff)
download: samba-582ac171364f0c28f54eaf4f21b5bfa7569b5233.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/source4/torture/drs/rpc/dssync.c b/source4/torture/drs/rpc/dssync.c
index cde9f78692b..ff7ce2d9074 100644
--- a/source4/torture/drs/rpc/dssync.c
+++ b/source4/torture/drs/rpc/dssync.c
@@ -527,7 +527,9 @@ static bool test_analyse_objects(struct torture_context *tctx,
 				el = &new_msg->elements[idx];
 				a = dsdb_attribute_by_lDAPDisplayName(ldap_schema,
 				                                      el->name);
-				if (!(el->flags & (LDB_FLAG_MOD_ADD|LDB_FLAG_MOD_REPLACE))) {
+				if (LDB_FLAG_MOD_TYPE(el->flags) != LDB_FLAG_MOD_ADD &&
+				    LDB_FLAG_MOD_TYPE(el->flags) != LDB_FLAG_MOD_REPLACE)
+				{
 					/* DRS only value */
 					is_warning = false;
 				} else if (a->linkID & 1) {
author	Joseph Sutton <josephsutton@catalyst.net.nz>	2022-06-21 14:49:51 +1200
committer	Jule Anger <janger@samba.org>	2022-07-24 11:41:53 +0200
commit	582ac171364f0c28f54eaf4f21b5bfa7569b5233 (patch)
tree	57aabf1839567902b8bb71782e1deb4d9f5539d6
parent	a68553792a8512a2d266bbb86f064f78b5482a65 (diff)
download	samba-582ac171364f0c28f54eaf4f21b5bfa7569b5233.tar.gz