mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
CVE-2020-25722 s4/dsdb/samldb: samldb_lockout_time() checks all values
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14876 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
1e0176cf65
commit
4fb4136a84
@ -3169,8 +3169,15 @@ static int samldb_lockout_time(struct samldb_ctx *ac)
|
||||
struct ldb_message *tmp_msg;
|
||||
int ret;
|
||||
|
||||
el = dsdb_get_single_valued_attr(ac->msg, "lockoutTime",
|
||||
ac->req->operation);
|
||||
ret = dsdb_get_expected_new_values(ac,
|
||||
ac->msg,
|
||||
"lockoutTime",
|
||||
&el,
|
||||
ac->req->operation);
|
||||
if (ret != LDB_SUCCESS) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
if (el == NULL || el->num_values == 0) {
|
||||
ldb_asprintf_errstring(ldb,
|
||||
"%08X: samldb: 'lockoutTime' can't be deleted!",
|
||||
|
Loading…
Reference in New Issue
Block a user