The Samba-Bugzilla – Attachment 15174 Details for
Bug 13951
CVE-2019-12436 [SECURITY] paged_searches crash on LDAP and [homes] access
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
additional patch for master: testing and hardening vlv
additional-patch-for-master.patch (text/plain), 4.26 KB, created by
Douglas Bagnall
on 2019-05-21 23:21:25 UTC
(
hide
)
Description:
additional patch for master: testing and hardening vlv
Filename:
MIME Type:
Creator:
Douglas Bagnall
Created:
2019-05-21 23:21:25 UTC
Size:
4.26 KB
patch
obsolete
>From a4f6d8c1a951c129f2059f2a30debc1391a7ad96 Mon Sep 17 00:00:00 2001 >From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >Date: Wed, 22 May 2019 10:33:15 +1200 >Subject: [PATCH 1/3] tests/vlv: remove redundant assignments > >Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >--- > source4/dsdb/tests/python/vlv.py | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > >diff --git a/source4/dsdb/tests/python/vlv.py b/source4/dsdb/tests/python/vlv.py >index b3cb892d15a..b3082f4b3e2 100644 >--- a/source4/dsdb/tests/python/vlv.py >+++ b/source4/dsdb/tests/python/vlv.py >@@ -458,10 +458,8 @@ class VLVTests(TestsWithUserOU): > random.shuffle(gte_tests) > res = None > sort_control = "server_sort:1:0:%s" % attr >- > expected_order = self.get_expected_order(attr, expression) >- sort_control = "server_sort:1:0:%s" % attr >- res = None >+ > for before in range(0, 11): > after = before > for gte in gte_tests: >-- >2.17.1 > > >From b6456e25dc11ec48e339b250fcd6b4980ec15f63 Mon Sep 17 00:00:00 2001 >From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >Date: Wed, 22 May 2019 10:32:29 +1200 >Subject: [PATCH 2/3] tests/vlv: attempt to cause trouble by changing sort > attribute > >Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >--- > source4/dsdb/tests/python/vlv.py | 23 +++++++++++++++++++++++ > 1 file changed, 23 insertions(+) > >diff --git a/source4/dsdb/tests/python/vlv.py b/source4/dsdb/tests/python/vlv.py >index b3082f4b3e2..1e863461c1f 100644 >--- a/source4/dsdb/tests/python/vlv.py >+++ b/source4/dsdb/tests/python/vlv.py >@@ -1189,6 +1189,29 @@ class VLVTests(TestsWithUserOU): > expected_results = [r for r in full_results if r != del_user[attr]] > self.assertEqual(results, expected_results) > >+ def test_vlv_change_during_search(self): >+ attr = 'facsimileTelephoneNumber' >+ prefix = "change_during_search_" >+ expr = "(&(objectClass=user)(cn=%s*))" % (prefix) >+ num_users = 3 >+ users = [self.create_user(i, num_users, prefix=prefix) >+ for i in range(num_users)] >+ expr = "(&(objectClass=user)(facsimileTelephoneNumber=%s*))" % (prefix) >+ >+ # Start the VLV, change the searched attribute and try the >+ # cookie. >+ results, cookie = self.vlv_search(attr, expr) >+ >+ for u in users: >+ self.ldb.modify_ldif("dn: %s\n" >+ "changetype: modify\n" >+ "replace: facsimileTelephoneNumber\n" >+ "facsimileTelephoneNumber: 123" % u['dn']) >+ >+ for i in range(2): >+ results, cookie = self.vlv_search(attr, expr, cookie=cookie, >+ offset=i+1) >+ > > class PagedResultsTests(TestsWithUserOU): > >-- >2.17.1 > > >From ecdfbcb419fb1606d3f664a8e67a08326b06ac6f Mon Sep 17 00:00:00 2001 >From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >Date: Fri, 17 May 2019 09:33:55 +1200 >Subject: [PATCH 3/3] dsdb/vlv: ignore successful results without messages > >Lest we dereference the message that is not there. > >It seems unlikely that this will ever occur, but it is better to be >safe. > >Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >--- > source4/dsdb/samdb/ldb_modules/vlv_pagination.c | 11 +++++++---- > 1 file changed, 7 insertions(+), 4 deletions(-) > >diff --git a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c >index 980177cb05e..35c6adc5fb1 100644 >--- a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c >+++ b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c >@@ -442,10 +442,13 @@ static int vlv_results(struct vlv_context *ac) > ret = vlv_search_by_dn_guid(ac->module, ac, &result, guid, > ac->req->op.search.attrs); > >- if (ret == LDAP_NO_SUCH_OBJECT) { >- /* The thing isn't there, which we quietly >- ignore and go on to send an extra one >- instead. */ >+ if (ret == LDAP_NO_SUCH_OBJECT || >+ (ret == LDB_SUCCESS && result->count == 0)) { >+ /* >+ * The thing isn't there, which we quietly >+ * ignore and go on to send an extra one >+ * instead. >+ */ > if (last_i < ac->store->num_entries - 1) { > last_i++; > } >-- >2.17.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 13951
:
15159
|
15165
|
15166
|
15173
| 15174 |
15175
|
15198
|
15226
|
15227
|
15228
|
15230
|
15231