packages/samba
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
samba/backport-0028-CVE-2023-0614.patch

131 lines
3.9 KiB
Diff
Raw Blame History

From 8cf6c358e27a3926397e0d5fbb562e76926589d9 Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Thu, 16 Feb 2023 12:35:34 +1300
Subject: [PATCH 26/34] CVE-2023-0614 ldb: Use binary search to check whether
attribute is secret
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Conflict: NA
Reference: https://attachments.samba.org/attachment.cgi?id=17821
---
source4/dsdb/samdb/ldb_modules/acl_read.c | 56 ++++++++++++++---------
1 file changed, 35 insertions(+), 21 deletions(-)
diff --git a/source4/dsdb/samdb/ldb_modules/acl_read.c b/source4/dsdb/samdb/ldb_modules/acl_read.c
index 6dcc3c9b36e..21f72fbe720 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_read.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_read.c
@@ -79,6 +79,7 @@ struct aclread_private {
struct security_descriptor *sd_cached;
struct ldb_val sd_cached_blob;
const char **password_attrs;
+ size_t num_password_attrs;
};
struct access_check_context {
@@ -512,22 +513,18 @@ static int aclread_get_sd_from_ldb_message(struct aclread_context *ac,
/* Check whether the attribute is a password attribute. */
static bool attr_is_secret(const char *attr, const struct aclread_private *private_data)
{
- unsigned i;
+ const char **found = NULL;
if (private_data->password_attrs == NULL) {
return false;
}
- for (i = 0; private_data->password_attrs[i] != NULL; ++i) {
- const char *password_attr = private_data->password_attrs[i];
- if (ldb_attr_cmp(attr, password_attr) != 0) {
- continue;
- }
-
- return true;
- }
-
- return false;
+ BINARY_ARRAY_SEARCH_V(private_data->password_attrs,
+ private_data->num_password_attrs,
+ attr,
+ ldb_attr_cmp,
+ found);
+ return found != NULL;
}
/*
@@ -1128,6 +1125,14 @@ static int acl_redact_msg_for_filter(struct ldb_module *module, struct ldb_reque
return LDB_SUCCESS;
}
+static int ldb_attr_cmp_fn(const void *_a, const void *_b)
+{
+ const char * const *a = _a;
+ const char * const *b = _b;
+
+ return ldb_attr_cmp(*a, *b);
+}
+
static int aclread_init(struct ldb_module *module)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
@@ -1188,7 +1193,7 @@ static int aclread_init(struct ldb_module *module)
}
p->password_attrs = talloc_array(p, const char *,
password_attributes->num_values +
- ARRAY_SIZE(secret_attrs) + 1);
+ ARRAY_SIZE(secret_attrs));
if (!p->password_attrs) {
talloc_free(mem_ctx);
return ldb_oom(ldb);
@@ -1223,7 +1228,10 @@ static int aclread_init(struct ldb_module *module)
}
n++;
}
- p->password_attrs[n] = NULL;
+ p->num_password_attrs = n;
+
+ /* Sort the password attributes so we can use binary search. */
+ TYPESAFE_QSORT(p->password_attrs, p->num_password_attrs, ldb_attr_cmp_fn);
ret = ldb_register_redact_callback(ldb, acl_redact_msg_for_filter, module);
if (ret != LDB_SUCCESS) {
@@ -1247,19 +1255,25 @@ done:
module,
NULL);
if (!userPassword_support) {
+ const char **found = NULL;
+
/*
* Remove the userPassword attribute, as it is not
* considered secret.
*/
- for (i = 0; p->password_attrs[i] != NULL; ++i) {
- if (ldb_attr_cmp(p->password_attrs[i], "userPassword") == 0) {
- break;
+ BINARY_ARRAY_SEARCH_V(p->password_attrs,
+ p->num_password_attrs,
+ "userPassword",
+ ldb_attr_cmp,
+ found);
+ if (found != NULL) {
+ size_t found_idx = found - p->password_attrs;
+
+ /* Shift following elements backwards by one. */
+ for (i = found_idx; i < p->num_password_attrs - 1; ++i) {
+ p->password_attrs[i] = p->password_attrs[i + 1];
}
- }
-
- /* Shift following elements backwards by one. */
- for (; p->password_attrs[i] != NULL; ++i) {
- p->password_attrs[i] = p->password_attrs[i + 1];
+ --p->num_password_attrs;
}
}
}
--
2.25.1
Reference in New Issue View Git Blame Copy Permalink