The Samba-Bugzilla – Attachment 15165 Details for
Bug 13951
CVE-2019-12436 [SECURITY] paged_searches crash on LDAP and [homes] access
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for master, without any tests
paged-results.patch (text/plain), 2.53 KB, created by
Douglas Bagnall
on 2019-05-16 21:46:09 UTC
(
hide
)
Description:
patch for master, without any tests
Filename:
MIME Type:
Creator:
Douglas Bagnall
Created:
2019-05-16 21:46:09 UTC
Size:
2.53 KB
patch
obsolete
>From 106f868dbbd01ac0e4cea10856d081e0bbef44d8 Mon Sep 17 00:00:00 2001 >From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >Date: Fri, 17 May 2019 09:32:19 +1200 >Subject: [PATCH 1/2] dsdb/paged_results: ignore successful results without > messages > >So that we don't dereference result->msgs[0] when it doesn't exist > >Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >--- > source4/dsdb/samdb/ldb_modules/paged_results.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > >diff --git a/source4/dsdb/samdb/ldb_modules/paged_results.c b/source4/dsdb/samdb/ldb_modules/paged_results.c >index e70f462efed..940d2254fb0 100644 >--- a/source4/dsdb/samdb/ldb_modules/paged_results.c >+++ b/source4/dsdb/samdb/ldb_modules/paged_results.c >@@ -266,7 +266,8 @@ static int paged_results(struct paged_context *ac) > ret = paged_search_by_dn_guid(ac->module, ac, &result, guid, > ac->req->op.search.attrs, > ac->store->expr); >- if (ret == LDAP_NO_SUCH_OBJECT /* TODO or no result */) { >+ if (ret == LDAP_NO_SUCH_OBJECT || >+ (ret == LDB_SUCCESS && result->count == 0)) { > /* The thing isn't there TODO, which we quietly > ignore and go on to send an extra one > instead. */ >-- >2.17.1 > > >From 903070cfe3bc7c99dd6be7bfaed987f265ab8219 Mon Sep 17 00:00:00 2001 >From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >Date: Fri, 17 May 2019 09:33:55 +1200 >Subject: [PATCH 2/2] dsdb/vlv: ignore successful results without messages > >Lest we dereference the message that is not there. > >Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >--- > source4/dsdb/samdb/ldb_modules/vlv_pagination.c | 11 +++++++---- > 1 file changed, 7 insertions(+), 4 deletions(-) > >diff --git a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c >index 980177cb05e..35c6adc5fb1 100644 >--- a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c >+++ b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c >@@ -442,10 +442,13 @@ static int vlv_results(struct vlv_context *ac) > ret = vlv_search_by_dn_guid(ac->module, ac, &result, guid, > ac->req->op.search.attrs); > >- if (ret == LDAP_NO_SUCH_OBJECT) { >- /* The thing isn't there, which we quietly >- ignore and go on to send an extra one >- instead. */ >+ if (ret == LDAP_NO_SUCH_OBJECT || >+ (ret == LDB_SUCCESS && result->count == 0)) { >+ /* >+ * The thing isn't there, which we quietly >+ * ignore and go on to send an extra one >+ * instead. >+ */ > if (last_i < ac->store->num_entries - 1) { > last_i++; > } >-- >2.17.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 13951
:
15159
|
15165
|
15166
|
15173
|
15174
|
15175
|
15198
|
15226
|
15227
|
15228
|
15230
|
15231