author | Tim Beale <timbeale@catalyst.net.nz> | 2018-07-30 16:00:15 +1200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2018-08-14 13:57:16 +0200 |
commit | 98c2e6a14fa28d0fe64641227065cd44beb55f96 (patch) | |
tree | 5e9cffd23f56879c2e1548608bc3dd22fd886e56 /source4 | |
parent | 4234579a5d9d3e27e90cd019f85a78a214b96314 (diff) | |
CVE-2018-10919 acl_read: Flip the logic in the dirsync check
This better reflects the special case we're making for dirsync, and gets
rid of an 'if-else' clause.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Diffstat (limited to 'source4')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl_read.c | 17 |
1 files changed, 7 insertions, 10 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl_read.c b/source4/dsdb/samdb/ldb_modules/acl_read.c
index 17d6492cd35..9607ed05ee7 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_read.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_read.c
@@ -400,10 +400,12 @@ static int aclread_callback(struct ldb_request *req, struct ldb_reply *ares)
 if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
 bool in_search_filter;
+ /* check if attr is part of the search filter */
 in_search_filter = dsdb_attr_in_parse_tree(ac->req->op.search.tree, msg->elements[i].name);
- if (ac->indirsync) {
+ if (in_search_filter) {
+
 /*
 * We are doing dirysnc answers
 * and the object shouldn't be returned (normally)
@@ -412,21 +414,16 @@ static int aclread_callback(struct ldb_request *req, struct ldb_reply *ares)
 * (remove the object if it is not deleted, or return
 * just the objectGUID if it's deleted).
 */
- if (in_search_filter) {
+ if (ac->indirsync) {
 ldb_msg_remove_attr(msg, "replPropertyMetaData");
 break;
 } else {
- aclread_mark_inaccesslible(&msg->elements[i]);
- }
- } else {
- /*
- * do not return this entry if attribute is
- * part of the search filter
- */
- if (in_search_filter) {
+
+ /* do not return this entry */
 talloc_free(tmp_ctx);
 return LDB_SUCCESS;
 }
+ } else {
 aclread_mark_inaccesslible(&msg->elements[i]);
 }
 } else if (ret != LDB_SUCCESS) { |
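Review bot: The new `if (in_search_filter)` branch is only reached for an attribute that is present in `msg->elements` and failed the access check, because the lookup is keyed on `msg->elements[i].name`. A filter attribute that is absent from the returned message would never be tested here; whether the request's attribute list is guaranteed to include every filter attribute is decided outside this hunk and should be confirmed. The added comment could also carry the reason the test matters, for example `/* attr is denied: if it is also in the search filter, returning the entry would reveal that the filter matched */`. The enclosing loop in aclread_callback starts before the hunk.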
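Review bot: In the `if (ac->indirsync)` branch the `break` leaves the attribute loop at the first denied filter attribute, so the elements after index i are neither access-checked nor marked inaccessible on this path. The retained comment says the dirsync module will drop or trim the object once `replPropertyMetaData` is missing, but that guarantee lives outside this hunk and is what keeps the unchecked attributes from being returned. It is worth writing it down as an invariant next to the `break`, for example `/* remaining attrs stay unchecked: dirsync must discard or strip this object */`. As a style point, the `else` after `break` is redundant and the blank lines added after `if (in_search_filter) {` and `} else {` can be dropped. The function body continues past the end of the hunk.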