The Samba-Bugzilla – Attachment 13443 Details for
Bug 12904
LDB locking patches trigger invalid read
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch cherry-picked from master for 4.7 (only)
0001-dsdb-Fix-dsdb_next_callback-to-correctly-use-ldb_mod.patch (text/plain), 4.96 KB, created by
Andrew Bartlett
on 2017-08-03 02:07:59 UTC
(
hide
)
Description:
patch cherry-picked from master for 4.7 (only)
Filename:
MIME Type:
Creator:
Andrew Bartlett
Created:
2017-08-03 02:07:59 UTC
Size:
4.96 KB
patch
obsolete
>From 1ff95bf6c32657d418b16efa00661ebc4b60386c Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 1 Aug 2017 13:18:33 +1200 >Subject: [PATCH] dsdb: Fix dsdb_next_callback to correctly use > ldb_module_done() etc > >If we do not call ldb_module_done() then we do not know that up_req->callback() >has been called, and ldb_next_request() will call the callback again. > >If called twice, the new ldb_lock_backend_callback() in ldb 1.2.0 will segfault. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12904 > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> > >Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> >Autobuild-Date(master): Tue Aug 1 07:52:38 CEST 2017 on sn-devel-144 > >(cherry picked from commit d5750f016362ce55a1c905509c419756b523dde6) >--- > python/samba/tests/dsdb.py | 23 +++++++++++++++++++++++ > source4/dsdb/pydsdb.c | 1 + > source4/dsdb/samdb/ldb_modules/util.c | 25 +++++++++++++++++++++++-- > source4/dsdb/samdb/samdb.h | 2 ++ > 4 files changed, 49 insertions(+), 2 deletions(-) > >diff --git a/python/samba/tests/dsdb.py b/python/samba/tests/dsdb.py >index ce5f5991615..a9f569b6c67 100644 >--- a/python/samba/tests/dsdb.py >+++ b/python/samba/tests/dsdb.py >@@ -23,6 +23,7 @@ from samba.auth import system_session > from samba.tests import TestCase > from samba.ndr import ndr_unpack, ndr_pack > from samba.dcerpc import drsblobs >+from samba import dsdb > import ldb > import os > import samba >@@ -505,3 +506,25 @@ class DsdbTests(TestCase): > backend_filename) > backend_path = self.lp.private_path(backend_subpath) > self._test_full_db_lock2(backend_path) >+ >+ def test_no_error_on_invalid_control(self): >+ try: >+ res = self.samdb.search(expression="cn=Administrator", >+ scope=ldb.SCOPE_SUBTREE, >+ attrs=["replPropertyMetaData"], >+ controls=["local_oid:%s:0" >+ % dsdb.DSDB_CONTROL_INVALID_NOT_IMPLEMENTED]) >+ except ldb.LdbError as e: >+ self.fail("Should have not raised an exception") >+ >+ def test_error_on_invalid_critical_control(self): >+ try: >+ res = self.samdb.search(expression="cn=Administrator", >+ scope=ldb.SCOPE_SUBTREE, >+ attrs=["replPropertyMetaData"], >+ controls=["local_oid:%s:1" >+ % dsdb.DSDB_CONTROL_INVALID_NOT_IMPLEMENTED]) >+ except ldb.LdbError as e: >+ if e[0] != ldb.ERR_UNSUPPORTED_CRITICAL_EXTENSION: >+ self.fail("Got %s should have got ERR_UNSUPPORTED_CRITICAL_EXTENSION" >+ % e[1]) >diff --git a/source4/dsdb/pydsdb.c b/source4/dsdb/pydsdb.c >index 47dc9ad903a..09623a6d53b 100644 >--- a/source4/dsdb/pydsdb.c >+++ b/source4/dsdb/pydsdb.c >@@ -1572,6 +1572,7 @@ void initdsdb(void) > ADD_DSDB_STRING(DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID); > ADD_DSDB_STRING(DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID); > ADD_DSDB_STRING(DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID); >+ ADD_DSDB_STRING(DSDB_CONTROL_INVALID_NOT_IMPLEMENTED); > > ADD_DSDB_STRING(DS_GUID_COMPUTERS_CONTAINER); > ADD_DSDB_STRING(DS_GUID_DELETED_OBJECTS_CONTAINER); >diff --git a/source4/dsdb/samdb/ldb_modules/util.c b/source4/dsdb/samdb/ldb_modules/util.c >index 36d35b7094a..9e37c085bba 100644 >--- a/source4/dsdb/samdb/ldb_modules/util.c >+++ b/source4/dsdb/samdb/ldb_modules/util.c >@@ -832,8 +832,29 @@ int dsdb_next_callback(struct ldb_request *req, struct ldb_reply *ares) > { > struct ldb_request *up_req = talloc_get_type(req->context, struct ldb_request); > >- talloc_steal(up_req, req); >- return up_req->callback(up_req, ares); >+ if (!ares) { >+ return ldb_module_done(up_req, NULL, NULL, >+ LDB_ERR_OPERATIONS_ERROR); >+ } >+ >+ if (ares->error != LDB_SUCCESS || ares->type == LDB_REPLY_DONE) { >+ return ldb_module_done(up_req, ares->controls, >+ ares->response, ares->error); >+ } >+ >+ /* Otherwise pass on the callback */ >+ switch (ares->type) { >+ case LDB_REPLY_ENTRY: >+ return ldb_module_send_entry(up_req, ares->message, >+ ares->controls); >+ >+ case LDB_REPLY_REFERRAL: >+ return ldb_module_send_referral(up_req, >+ ares->referral); >+ default: >+ /* Can't happen */ >+ return LDB_ERR_OPERATIONS_ERROR; >+ } > } > > /* >diff --git a/source4/dsdb/samdb/samdb.h b/source4/dsdb/samdb/samdb.h >index 5dce37e2e9c..c8658dc42fa 100644 >--- a/source4/dsdb/samdb/samdb.h >+++ b/source4/dsdb/samdb/samdb.h >@@ -189,6 +189,8 @@ struct dsdb_control_password_user_account_control { > */ > #define DSDB_CONTROL_FORCE_RODC_LOCAL_CHANGE "1.3.6.1.4.1.7165.4.3.31" > >+#define DSDB_CONTROL_INVALID_NOT_IMPLEMENTED "1.3.6.1.4.1.7165.4.3.32" >+ > #define DSDB_EXTENDED_REPLICATED_OBJECTS_OID "1.3.6.1.4.1.7165.4.4.1" > struct dsdb_extended_replicated_object { > struct ldb_message *msg; >-- >2.11.0 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
garming
:
review+
Actions:
View
Attachments on
bug 12904
:
13441
| 13443