authorAndrew Bartlett <abartlet@samba.org>2019-11-26 15:44:32 +1300
committerKarolin Seeger <kseeger@samba.org>2020-01-10 11:56:20 +0100
commit17215b36b22d309a58a3b7bd08123f06e89657c9 (patch)
treefe434951c652c51535d0c2d21af195f86b850802
parent4afff32debe5ea4bf1219f42c3042eb65c3e1d6b (diff)
downloadsamba-17215b36b22d309a58a3b7bd08123f06e89657c9.tar.gz
CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected by a transaction
This means we can trust the DB did not change between the two search requests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--source4/dsdb/samdb/ldb_modules/descriptor.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index 9018b750ab5..fb2854438e1 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -1199,6 +1199,9 @@ static int descriptor_sd_propagation_recursive(struct ldb_module *module,
* LDB_SCOPE_SUBTREE searches are expensive.
*
* Note: that we do not search for deleted/recycled objects
+ *
+ * We know this is safe against a rename race as we are in the
+ * prepare_commit(), so must be in a transaction.
*/
ret = dsdb_module_search(module,
change,
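Review bot: The added comment rests the rename-race safety on an invariant that nothing in this hunk enforces, namely that descriptor_sd_propagation_recursive() only ever runs from prepare_commit(). I would word it as a precondition so that a future caller outside a transaction is warned, e.g. `* This is only safe against a rename race because we are called from prepare_commit() and therefore inside a transaction; do not call this outside one.` It would also help to name the two searches the commit message refers to, since only the dsdb_module_search() call is visible here. The function body starts and ends outside the hunk, so whether other call paths exist cannot be confirmed from this diff.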