samba/backport-0018-CVE-2023-0614.patch


From 13e0b2190c802dc876b465a201b8dc9f35f9720c Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Tue, 7 Feb 2023 09:48:37 +1300
Subject: [PATCH 16/34] CVE-2023-0614 s4:dsdb:tests: Fix <GUID={}> search in
confidential attributes test
The object returned by schema_format_value() is a bytes object.
Therefore the search expression would resemble:
(lastKnownParent=<GUID=b'00000000-0000-0000-0000-000000000000'>)
which, due to the extra characters, would fail to match anything.
Fix it to be:
(lastKnownParent=<GUID=00000000-0000-0000-0000-000000000000>)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Conflict: NA
Reference: https://attachments.samba.org/attachment.cgi?id=17821
---
source4/dsdb/tests/python/confidential_attr.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/source4/dsdb/tests/python/confidential_attr.py b/source4/dsdb/tests/python/confidential_attr.py
index d5c7785485a..1c9c456917a 100755
--- a/source4/dsdb/tests/python/confidential_attr.py
+++ b/source4/dsdb/tests/python/confidential_attr.py
@@ -924,12 +924,12 @@ class ConfidentialAttrTestDirsync(ConfidentialAttrCommon):
self.assert_negative_searches(has_rights_to="all",
samdb=self.ldb_admin)
- def get_guid(self, dn):
+ def get_guid_string(self, dn):
"""Returns an object's GUID (in string format)"""
res = self.ldb_admin.search(base=dn, attrs=["objectGUID"],
scope=SCOPE_BASE)
guid = res[0]['objectGUID'][0]
- return self.ldb_admin.schema_format_value("objectGUID", guid)
+ return self.ldb_admin.schema_format_value("objectGUID", guid).decode('utf-8')
def make_attr_preserve_on_delete(self):
"""Marks the attribute under test as being preserve on delete"""
@@ -978,7 +978,7 @@ class ConfidentialAttrTestDirsync(ConfidentialAttrCommon):
# deleted objects, but only from this particular test run. We can do
# this by matching lastKnownParent against this test case's OU, which
# will match any deleted child objects.
- ou_guid = self.get_guid(self.ou)
+ ou_guid = self.get_guid_string(self.ou)
deleted_filter = "(lastKnownParent=<GUID={0}>)".format(ou_guid)
# the extra-filter will get combined via AND with the search expression
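Review bot: Nothing here checks that `deleted_filter` actually matches the deleted objects from this test run, which is presumably how the earlier `<GUID=b'...'>` form went unnoticed. In a confidentiality test, a filter that matches nothing lets the negative searches pass vacuously, so the test appears to prove non-disclosure while exercising no objects at all. Consider a positive control before the assertions: run the search as `self.ldb_admin` with `deleted_filter` and add `self.assertGreater(len(res), 0)`. The exact search arguments depend on code outside this hunk, since the enclosing test method starts and ends outside it.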
--
2.25.1