From cb731047ad4cb053a0e5be9b41a81e39323337dd Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Tue, 8 Feb 2022 00:39:56 +0100
Subject: [PATCH 1/2] FOR_TESTING_ONLY: paged_results: try to fix dangling ldb_parse_tree problem.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14970
---
 source4/dsdb/samdb/ldb_modules/paged_results.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/source4/dsdb/samdb/ldb_modules/paged_results.c b/source4/dsdb/samdb/ldb_modules/paged_results.c
index 2063e84e1579..a32c207ffb98 100644
--- a/source4/dsdb/samdb/ldb_modules/paged_results.c
+++ b/source4/dsdb/samdb/ldb_modules/paged_results.c
@@ -81,7 +81,6 @@ struct results_store {
 const char * const *attrs;
 unsigned last_i;
- struct ldb_parse_tree *expr;
 char *expr_str;
 };
@@ -268,7 +267,7 @@ static int paged_results(struct paged_context *ac, struct ldb_reply *ares)
 */
 ret = paged_search_by_dn_guid(ac->module, ac, &result, guid, ac->req->op.search.attrs,
- ac->store->expr);
+ ac->req->op.search.tree);
 if (ret == LDAP_NO_SUCH_OBJECT || (ret == LDB_SUCCESS && result->count == 0)) {
 /* The thing isn't there TODO, which we quietly
@@ -733,7 +732,6 @@ static int paged_search(struct ldb_module *module, struct ldb_request *req)
 return ret;
 }
- ac->store->expr = talloc_steal(ac->store, req->op.search.tree);
 ac->store->expr_str = ldb_filter_from_tree(ac->store, req->op.search.tree);
 ac->store->attrs = paged_copy_attrs(ac->store,
-- 2.25.1
From 75e17f360601af8df974e72820ed4d6cd91c6aec Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Tue, 8 Feb 2022 00:41:54 +0100
Subject: [PATCH 2/2] paged_results: add no memory checks in paged_search()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14970
---
 source4/dsdb/samdb/ldb_modules/paged_results.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/source4/dsdb/samdb/ldb_modules/paged_results.c b/source4/dsdb/samdb/ldb_modules/paged_results.c
index a32c207ffb98..c5def0367802 100644
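Review bot: In the paged_results() hunk of patch 1/2, the per-GUID re-search now filters with `ac->req->op.search.tree`, the tree of whichever request carries the cookie, instead of the tree saved when the result store was built. That drops the stored pointer whose lifetime depended on the first request, but the two are only equivalent if a continuation request is guaranteed to carry the same filter as the original; the store still keeps `expr_str`, presumably for such a comparison, and that check lies outside these hunks and should be confirmed. Once verified, a comment at the call would help the next reader, for example `/* filter with the current request's tree; continuation requests are checked against store->expr_str before we get here */`. The body of paged_results() starts and ends outside the hunk.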
--- a/source4/dsdb/samdb/ldb_modules/paged_results.c
+++ b/source4/dsdb/samdb/ldb_modules/paged_results.c
@@ -704,9 +704,15 @@ static int paged_search(struct ldb_module *module, struct ldb_request *req)
 struct ldb_request *req_extended_dn;
 struct ldb_extended_dn_control *ext_ctrl_data;
 req_extended_dn = talloc_zero(req, struct ldb_request);
+ if (req_extended_dn == NULL) {
+ return ldb_module_oom(module);
+ }
 req_extended_dn->controls = req->controls;
 ext_ctrl_data = talloc_zero(req, struct ldb_extended_dn_control);
+ if (ext_ctrl_data == NULL) {
+ return ldb_module_oom(module);
+ }
 ext_ctrl_data->type = 1;
 ret = ldb_request_add_control(req_extended_dn,
@@ -734,8 +740,14 @@ static int paged_search(struct ldb_module *module, struct ldb_request *req)
 ac->store->expr_str = ldb_filter_from_tree(ac->store, req->op.search.tree);
+ if (ac->store->expr_str == NULL) {
+ return ldb_module_oom(module);
+ }
 ac->store->attrs = paged_copy_attrs(ac->store, req->op.search.attrs);
+ if (ac->store->attrs == NULL) {
+ return ldb_module_oom(module);
+ }
 /* save it locally and remove it from the list */
 /* we do not need to replace them later as we
-- 2.25.1
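Review bot: In the second paged_search() hunk of patch 2/2, the new `ac->store->attrs == NULL` test treats every NULL from paged_copy_attrs() as out of memory. If paged_copy_attrs() returns NULL when `req->op.search.attrs` is itself NULL (its body is not in the hunk), a paged search that names no attributes would now fail with an OOM error; `if (req->op.search.attrs != NULL && ac->store->attrs == NULL) {` keeps the allocation check without that side effect. Both early returns in this hunk also happen after `ac->store` exists, so it is worth confirming that a partly filled store is not left reachable for a later cookie lookup. paged_search() continues outside the hunk.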