diff options
author | Ralph Boehme <slow@samba.org> | 2018-02-15 14:40:59 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2018-03-12 10:05:43 +0100 |
commit | 09eed842f79b122109501c570f4c5ca865756eba (patch) | |
tree | 362e66b511a396fa23813d5e632c93b9138c7b66 | |
parent | 116c4e316048afab09aed2470043cc6129a75b15 (diff) | |
download | samba-09eed842f79b122109501c570f4c5ca865756eba.tar.gz |
CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for passwordAttr->num_values
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/password_hash.c | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index bc1ef03db9d..1e7081b997a 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -3922,6 +3922,7 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r while ((passwordAttr = ldb_msg_find_element(msg, *l)) != NULL) { unsigned int mtype = LDB_FLAG_MOD_TYPE(passwordAttr->flags); + unsigned int nvalues = passwordAttr->num_values; if (mtype == LDB_FLAG_MOD_DELETE) { ++del_attr_cnt; @@ -3932,18 +3933,14 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r if (mtype == LDB_FLAG_MOD_REPLACE) { ++rep_attr_cnt; } - if ((passwordAttr->num_values != 1) && - (mtype == LDB_FLAG_MOD_ADD)) - { + if ((nvalues != 1) && (mtype == LDB_FLAG_MOD_ADD)) { talloc_free(ac); ldb_asprintf_errstring(ldb, "'%s' attribute must have exactly one value on add operations!", *l); return LDB_ERR_CONSTRAINT_VIOLATION; } - if ((passwordAttr->num_values > 1) && - (mtype == LDB_FLAG_MOD_DELETE)) - { + if ((nvalues > 1) && (mtype == LDB_FLAG_MOD_DELETE)) { talloc_free(ac); ldb_asprintf_errstring(ldb, "'%s' attribute must have zero or one value(s) on delete operations!", |