diff options
author | Andrew Bartlett <abartlet@samba.org> | 2020-05-05 12:55:57 +1200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2020-06-25 10:43:52 +0200 |
commit | dd53faf44463705f83e6f25e53a5682eb0dc0e1b (patch) | |
tree | f02c9ca96a31d26ad12802a0f52de2bf3e9faca9 | |
parent | c61a5255d9efaa1e63e33810f5236ea21b283c40 (diff) | |
download | samba-dd53faf44463705f83e6f25e53a5682eb0dc0e1b.tar.gz |
CVE-2020-10730: vlv: Do not re-ASQ search the results of an ASQ search with VLV
This is a silly combination, but at least try and keep the results sensible
and avoid a double-dereference.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/vlv_pagination.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c index 31e64b4bd78..d58a62482c9 100644 --- a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c +++ b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c @@ -682,10 +682,21 @@ vlv_copy_down_controls(TALLOC_CTX *mem_ctx, struct ldb_control **controls) if (control->oid == NULL) { break; } + /* + * Do not re-use VLV, nor the server-sort, both are + * already handled here. + */ if (strcmp(control->oid, LDB_CONTROL_VLV_REQ_OID) == 0 || strcmp(control->oid, LDB_CONTROL_SERVER_SORT_OID) == 0) { continue; } + /* + * ASQ changes everything, do not copy it down for the + * per-GUID search + */ + if (strcmp(control->oid, LDB_CONTROL_ASQ_OID) == 0) { + continue; + } new_controls[j] = talloc_steal(new_controls, control); j++; } |