CVE-2021-3670 ldap_server: Ensure value of MaxQueryDuration is greater than zero

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> (cherry picked from commit e1ab0c43629686d1d2c0b0b2bcdc90057a792049)
author: Joseph Sutton <josephsutton@catalyst.net.nz> 2021-09-28 17:20:43 +1300
committer: Jule Anger <janger@samba.org> 2021-12-02 10:33:13 +0000
commit: f9b2267c6eb8138fc94df7a138ad5d87526f1d79 (patch)
tree: a940943f68dc27748b53c8996e48053415fcf95c /source4
parent: f72090064bd674ea3a6d6b2e7556a9a85bb01df6 (diff)
download: samba-f9b2267c6eb8138fc94df7a138ad5d87526f1d79.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index 20442ecd9e5..bde2ecfa47f 100644
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -255,7 +255,9 @@ static int ldapsrv_load_limits(struct ldapsrv_connection *conn)
 			continue;
 		}
 		if (strcasecmp("MaxQueryDuration", policy_name) == 0) {
-			conn->limits.search_timeout = policy_value;
+			if (policy_value > 0) {
+				conn->limits.search_timeout = policy_value;
+			}
 			continue;
 		}
 	}
author	Joseph Sutton <josephsutton@catalyst.net.nz>	2021-09-28 17:20:43 +1300
committer	Jule Anger <janger@samba.org>	2021-12-02 10:33:13 +0000
commit	f9b2267c6eb8138fc94df7a138ad5d87526f1d79 (patch)
tree	a940943f68dc27748b53c8996e48053415fcf95c /source4
parent	f72090064bd674ea3a6d6b2e7556a9a85bb01df6 (diff)
download	samba-f9b2267c6eb8138fc94df7a138ad5d87526f1d79.tar.gz