CVE-2020-10730: vlv: Do not re-ASQ search the results of an ASQ search with VLV

This is a silly combination, but at least try and keep the results sensible and avoid a double-dereference. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
author: Andrew Bartlett <abartlet@samba.org> 2020-05-05 12:55:57 +1200
committer: Karolin Seeger <kseeger@samba.org> 2020-06-25 13:04:45 +0200
commit: c745a495415d77fd3ebfb8a658a1dad7cce114a5 (patch)
tree: 842e0927618daae34a71f540cc257fd395973e0b
parent: 3ca77e3edc0ba2c9dd3f2c0394f8c2f799d989b9 (diff)
download: samba-c745a495415d77fd3ebfb8a658a1dad7cce114a5.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
index 31e64b4bd78..d58a62482c9 100644
--- a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
+++ b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
@@ -682,10 +682,21 @@ vlv_copy_down_controls(TALLOC_CTX *mem_ctx, struct ldb_control **controls)
 		if (control->oid == NULL) {
 			break;
 		}
+		/*
+		 * Do not re-use VLV, nor the server-sort, both are
+		 * already handled here.
+		 */
 		if (strcmp(control->oid, LDB_CONTROL_VLV_REQ_OID) == 0 ||
 		    strcmp(control->oid, LDB_CONTROL_SERVER_SORT_OID) == 0) {
 			continue;
 		}
+		/*
+		 * ASQ changes everything, do not copy it down for the
+		 * per-GUID search
+		 */
+		if (strcmp(control->oid, LDB_CONTROL_ASQ_OID) == 0) {
+			continue;
+		}
 		new_controls[j] = talloc_steal(new_controls, control);
 		j++;
 	}
author	Andrew Bartlett <abartlet@samba.org>	2020-05-05 12:55:57 +1200
committer	Karolin Seeger <kseeger@samba.org>	2020-06-25 13:04:45 +0200
commit	c745a495415d77fd3ebfb8a658a1dad7cce114a5 (patch)
tree	842e0927618daae34a71f540cc257fd395973e0b
parent	3ca77e3edc0ba2c9dd3f2c0394f8c2f799d989b9 (diff)
download	samba-c745a495415d77fd3ebfb8a658a1dad7cce114a5.tar.gz