From 17215b36b22d309a58a3b7bd08123f06e89657c9 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 26 Nov 2019 15:44:32 +1300
Subject: CVE-2019-14902 dsdb: Explain that
 descriptor_sd_propagation_recursive() is proctected by a transaction

This means we can trust the DB did not change between the two search
requests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
---
 source4/dsdb/samdb/ldb_modules/descriptor.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index 9018b750ab5..fb2854438e1 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -1199,6 +1199,9 @@ static int descriptor_sd_propagation_recursive(struct ldb_module *module,
 	 * LDB_SCOPE_SUBTREE searches are expensive.
 	 *
 	 * Note: that we do not search for deleted/recycled objects
+	 *
+	 * We know this is safe against a rename race as we are in the
+	 * prepare_commit(), so must be in a transaction.
 	 */
 	ret = dsdb_module_search(module,
 				 change,
-- 
cgit v1.2.1