diff options
author | Andrew Bartlett <abartlet@samba.org> | 2019-11-26 15:44:32 +1300 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2020-01-10 11:56:20 +0100 |
commit | 17215b36b22d309a58a3b7bd08123f06e89657c9 (patch) | |
tree | fe434951c652c51535d0c2d21af195f86b850802 | |
parent | 4afff32debe5ea4bf1219f42c3042eb65c3e1d6b (diff) | |
download | samba-17215b36b22d309a58a3b7bd08123f06e89657c9.tar.gz |
CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected by a transaction
This means we can trust the DB did not change between the two search
requests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/descriptor.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c index 9018b750ab5..fb2854438e1 100644 --- a/source4/dsdb/samdb/ldb_modules/descriptor.c +++ b/source4/dsdb/samdb/ldb_modules/descriptor.c @@ -1199,6 +1199,9 @@ static int descriptor_sd_propagation_recursive(struct ldb_module *module, * LDB_SCOPE_SUBTREE searches are expensive. * * Note: that we do not search for deleted/recycled objects + * + * We know this is safe against a rename race as we are in the + * prepare_commit(), so must be in a transaction. */ ret = dsdb_module_search(module, change, |