diff options
author | Andrew Bartlett <abartlet@samba.org> | 2020-05-05 16:34:11 +1200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2020-06-25 13:04:45 +0200 |
commit | 80144c53d5546314f929b48f40c704f7cff083a8 (patch) | |
tree | 84caef785c32055b693b1c252ef66e14074329bd | |
parent | 9d4b98d75ea6a283afc45e9e4aef91fdfb95a189 (diff) | |
download | samba-80144c53d5546314f929b48f40c704f7cff083a8.tar.gz |
CVE-2020-10730: vlv: Another workaround for mixing ASQ and VLV
This is essentially an alternative patch, but without the correct
behaviour. Instead this just avoids a segfault.
Included in case we have something simialr again in
another module.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/vlv_pagination.c | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c index d58a62482c9..720b5e95638 100644 --- a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c +++ b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c @@ -442,10 +442,21 @@ static int vlv_results(struct vlv_context *ac) ret = vlv_search_by_dn_guid(ac->module, ac, &result, guid, ac->req->op.search.attrs); - if (ret == LDAP_NO_SUCH_OBJECT) { - /* The thing isn't there, which we quietly - ignore and go on to send an extra one - instead. */ + if (ret == LDAP_NO_SUCH_OBJECT + || result->count != 1) { + /* + * The thing isn't there, which we quietly + * ignore and go on to send an extra one + * instead. + * + * result->count == 0 or > 1 can only + * happen if ASQ (which breaks all the + * rules) is somehow invoked (as this + * is a BASE search). + * + * (We skip the ASQ cookie for the + * GUID searches) + */ if (last_i < ac->store->num_entries - 1) { last_i++; } |