13367 – samldb_add_handle_msDS_IntId() can generate a random msDS-IntId value and use it without ensuring it doesn't already exist.

Bug 13367 - samldb_add_handle_msDS_IntId() can generate a random msDS-IntId value and use it without ensuring it doesn't already exist.

Summary: samldb_add_handle_msDS_IntId() can generate a random msDS-IntId value and use...

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	AD: LDB/DSDB/SAMDB (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Karolin Seeger
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2018-04-03 22:41 UTC by Jeremy Allison
Modified:	2018-04-12 06:52 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
git-am fix for 4.8.next, 4.7.next. (1.20 KB, patch) 2018-04-06 00:11 UTC, Jeremy Allison	vl: review+ jra: review? (metze)	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jeremy Allison 2018-04-03 22:41:36 UTC

Logic error in samldb_add_handle_msDS_IntId() could allow a random msds_intid value to be generated and used without checking if it already exists in the schema.

Patch (from Volker) to follow.

Comment 1 Jeremy Allison 2018-04-06 00:11:38 UTC

Created attachment 14105 [details]
git-am fix for 4.8.next, 4.7.next.

Cherry-picked from master.

Comment 2 Karolin Seeger 2018-04-10 07:35:51 UTC

Pushed to autobuild-v4-[7,8]-test.

Comment 3 Karolin Seeger 2018-04-12 06:52:44 UTC

(In reply to Karolin Seeger from comment #2)
Pushed to both branches.
Closing out bug report.

Thanks!