From b01d3ae3261264236504475a26c54ab45dd2175f Mon Sep 17 00:00:00 2001 From: Joseph Sutton Date: Fri, 27 Jan 2023 08:28:36 +1300 Subject: [PATCH 05/34] CVE-2023-0614 ldb: Add functions for handling inaccessible message elements BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett Conflict: NA Reference: https://attachments.samba.org/attachment.cgi?id=17821 --- common/ldb_msg.c | 26 ++++++++++++++++++++++++++ include/ldb_module.h | 4 ++++ 2 files changed, 30 insertions(+) diff --git a/common/ldb_msg.c b/common/ldb_msg.c index 9cd7998e21c..cbc7e32b2ba 100644 --- a/common/ldb_msg.c +++ b/common/ldb_msg.c @@ -795,6 +795,32 @@ int ldb_msg_element_compare_name(struct ldb_message_element *el1, return ldb_attr_cmp(el1->name, el2->name); } +void ldb_msg_element_mark_inaccessible(struct ldb_message_element *el) +{ + el->flags |= LDB_FLAG_INTERNAL_INACCESSIBLE_ATTRIBUTE; +} + +bool ldb_msg_element_is_inaccessible(const struct ldb_message_element *el) +{ + return (el->flags & LDB_FLAG_INTERNAL_INACCESSIBLE_ATTRIBUTE) != 0; +} + +void ldb_msg_remove_inaccessible(struct ldb_message *msg) +{ + unsigned i; + unsigned num_del = 0; + + for (i = 0; i < msg->num_elements; ++i) { + if (ldb_msg_element_is_inaccessible(&msg->elements[i])) { + ++num_del; + } else if (num_del) { + msg->elements[i - num_del] = msg->elements[i]; + } + } + + msg->num_elements -= num_del; +} + /* convenience functions to return common types from a message these return the first value if the attribute is multi-valued diff --git a/include/ldb_module.h b/include/ldb_module.h index 4c7c85a17f0..8481fd3991a 100644 --- a/include/ldb_module.h +++ b/include/ldb_module.h @@ -513,6 +513,10 @@ struct ldb_extended_match_rule int ldb_register_extended_match_rule(struct ldb_context *ldb, const struct ldb_extended_match_rule *rule); +void ldb_msg_element_mark_inaccessible(struct ldb_message_element *el); +bool ldb_msg_element_is_inaccessible(const struct ldb_message_element *el); +void ldb_msg_remove_inaccessible(struct ldb_message *msg); + /* * these pack/unpack functions are exposed in the library for use by * ldb tools like ldbdump and for use in tests, -- 2.25.1