packages/libldb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
libldb/backport-001-CVE-2022-32746.patch

105 lines
3.8 KiB
Diff
Raw Normal View History

fix CVE-2022-32746
2022-08-01 08:03:30 +00:00
From 0a3aa5f908e351201dc9c4d4807b09ed9eedff77 Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Mon, 21 Feb 2022 16:27:37 +1300
Subject: [PATCH] CVE-2022-32746 ldb: Make use of functions for appending to an
ldb_message
This aims to minimise usage of the error-prone pattern of searching for
a just-added message element in order to make modifications to it (and
potentially finding the wrong element).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
---
ldb_map/ldb_map.c | 5 +-
ldb_map/ldb_map_inbound.c | 9 +-
modules/rdn_name.c | 22 +---
3 files changed, 28 insertions(+), 8 deletions(-)
diff --git a/ldb_map/ldb_map.c b/ldb_map/ldb_map.c
index b453dff80d25..c7b0c2286311 100644
--- a/ldb_map/ldb_map.c
+++ b/ldb_map/ldb_map.c
@@ -946,10 +946,7 @@ struct ldb_request *map_build_fixup_req(struct map_context *ac,
if ( ! dn || ! ldb_dn_validate(msg->dn)) {
goto failed;
}
- if (ldb_msg_add_empty(msg, IS_MAPPED, LDB_FLAG_MOD_REPLACE, NULL) != 0) {
- goto failed;
- }
- if (ldb_msg_add_string(msg, IS_MAPPED, dn) != 0) {
+ if (ldb_msg_append_string(msg, IS_MAPPED, dn, LDB_FLAG_MOD_REPLACE) != 0) {
goto failed;
}
diff --git a/ldb_map/ldb_map_inbound.c b/ldb_map/ldb_map_inbound.c
index 324295737da1..50b9427c26c5 100644
--- a/ldb_map/ldb_map_inbound.c
+++ b/ldb_map/ldb_map_inbound.c
@@ -569,12 +569,9 @@ static int map_modify_do_local(struct map_context *ac)
/* No local record present, add it instead */
/* Add local 'IS_MAPPED' */
/* TODO: use GUIDs here instead */
- if (ldb_msg_add_empty(ac->local_msg, IS_MAPPED,
- LDB_FLAG_MOD_ADD, NULL) != 0) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
- ret = ldb_msg_add_linearized_dn(ac->local_msg, IS_MAPPED,
- ac->remote_req->op.mod.message->dn);
+ ret = ldb_msg_append_linearized_dn(ac->local_msg, IS_MAPPED,
+ ac->remote_req->op.mod.message->dn,
+ LDB_FLAG_MOD_ADD);
if (ret != 0) {
return LDB_ERR_OPERATIONS_ERROR;
}
diff --git a/modules/rdn_name.c b/modules/rdn_name.c
index 25cffe07591a..3cb62bf567bd 100644
--- a/modules/rdn_name.c
+++ b/modules/rdn_name.c
@@ -308,16 +308,10 @@ static int rdn_rename_callback(struct ldb_request *req, struct ldb_reply *ares)
}
rdn_val = ldb_val_dup(msg, rdn_val_p);
- if (ldb_msg_add_empty(msg, rdn_name, LDB_FLAG_MOD_REPLACE, NULL) != 0) {
+ if (ldb_msg_append_value(msg, rdn_name, &rdn_val, LDB_FLAG_MOD_REPLACE) != 0) {
goto error;
}
- if (ldb_msg_add_value(msg, rdn_name, &rdn_val, NULL) != 0) {
- goto error;
- }
- if (ldb_msg_add_empty(msg, "name", LDB_FLAG_MOD_REPLACE, NULL) != 0) {
- goto error;
- }
- if (ldb_msg_add_value(msg, "name", &rdn_val, NULL) != 0) {
+ if (ldb_msg_append_value(msg, "name", &rdn_val, LDB_FLAG_MOD_REPLACE) != 0) {
goto error;
}
@@ -466,11 +460,7 @@ static int rdn_name_modify(struct ldb_module *module, struct ldb_request *req)
if (ret != 0) {
return ldb_module_oom(module);
}
- ret = ldb_msg_add_empty(msg, rdn_name, LDB_FLAG_MOD_ADD, NULL);
- if (ret != 0) {
- return ldb_module_oom(module);
- }
- ret = ldb_msg_add_value(msg, rdn_name, &rdn_val, NULL);
+ ret = ldb_msg_append_value(msg, rdn_name, &rdn_val, LDB_FLAG_MOD_ADD);
if (ret != 0) {
return ldb_module_oom(module);
}
@@ -479,11 +469,7 @@ static int rdn_name_modify(struct ldb_module *module, struct ldb_request *req)
if (ret != 0) {
return ldb_module_oom(module);
}
- ret = ldb_msg_add_empty(msg, "name", LDB_FLAG_MOD_ADD, NULL);
- if (ret != 0) {
- return ldb_module_oom(module);
- }
- ret = ldb_msg_add_value(msg, "name", &rdn_val, NULL);
+ ret = ldb_msg_append_value(msg, "name", &rdn_val, LDB_FLAG_MOD_ADD);
if (ret != 0) {
return ldb_module_oom(module);
}
Reference in New Issue Copy Permalink