
CVE-2022-32746 ldb: Add flag to mark message element values as shared

When making a shallow copy of an ldb message, mark the message elements
of the copy as sharing their values with the message elements in the
original message.

This flag value will be heeded in the next commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton 2022-02-21 16:10:32 +13:00 committed by Jule Anger
parent 3e4439565b
commit 7efe8182c1
2 changed files with 43 additions and 6 deletions


@ -833,11 +833,7 @@ void ldb_msg_sort_elements(struct ldb_message *msg)
ldb_msg_element_compare_name);
}
/*
shallow copy a message - copying only the elements array so that the caller
can safely add new elements without changing the message
*/
struct ldb_message *ldb_msg_copy_shallow(TALLOC_CTX *mem_ctx,
static struct ldb_message *ldb_msg_copy_shallow_impl(TALLOC_CTX *mem_ctx,
const struct ldb_message *msg)
{
struct ldb_message *msg2;
@ -863,6 +859,35 @@ failed:
return NULL;
}
/*
shallow copy a message - copying only the elements array so that the caller
can safely add new elements without changing the message
*/
struct ldb_message *ldb_msg_copy_shallow(TALLOC_CTX *mem_ctx,
const struct ldb_message *msg)
{
struct ldb_message *msg2;
unsigned int i;
msg2 = ldb_msg_copy_shallow_impl(mem_ctx, msg);
if (msg2 == NULL) {
return NULL;
}
for (i = 0; i < msg2->num_elements; ++i) {
/*
* Mark this message's elements as sharing their values with the
* original message, so that we don't inadvertently modify or
* free them. We don't mark the original message element as
* shared, so the original message element should not be
* modified or freed while the shallow copy lives.
*/
struct ldb_message_element *el = &msg2->elements[i];
el->flags |= LDB_FLAG_INTERNAL_SHARED_VALUES;
}
return msg2;
}
/*
copy a message, allocating new memory for all parts
@ -873,7 +898,7 @@ struct ldb_message *ldb_msg_copy(TALLOC_CTX *mem_ctx,
struct ldb_message *msg2;
unsigned int i, j;
msg2 = ldb_msg_copy_shallow(mem_ctx, msg);
msg2 = ldb_msg_copy_shallow_impl(mem_ctx, msg);
if (msg2 == NULL) return NULL;
if (msg2->dn != NULL) {
@ -894,6 +919,12 @@ struct ldb_message *ldb_msg_copy(TALLOC_CTX *mem_ctx,
goto failed;
}
}
/*
* Since we copied this element's values, we can mark them as
* not shared.
*/
el->flags &= ~LDB_FLAG_INTERNAL_SHARED_VALUES;
}
return msg2;
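Review bot: The comment above the public `ldb_msg_copy_shallow` (second hunk) still only promises that the caller can safely add new elements, while the rule callers must actually obey, that the original message's elements must not be modified or freed while the shallow copy lives, is stated only inside the loop body. Only the copy is flagged, so nothing visible here enforces that rule on the original, and a caller that breaks it leaves the copy pointing at freed values. I would move the contract into the function comment, e.g. `the copy's elements share their values with msg and are marked LDB_FLAG_INTERNAL_SHARED_VALUES; msg must not be modified or freed while the copy is in use`. In `ldb_msg_copy` (fourth hunk) the clear presumably matters when the source is itself a shallow copy whose flags came along with the elements array; the body of `ldb_msg_copy_shallow_impl` is outside the visible lines, so a one-line comment saying that would help.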


@ -96,6 +96,12 @@ struct ldb_module;
*/
#define LDB_FLAG_INTERNAL_FORCE_UNIQUE_INDEX 0x100
/*
* indicates that this element's values are shared with another element (for
* example, in a shallow copy of an ldb_message) and should not be freed
*/
#define LDB_FLAG_INTERNAL_SHARED_VALUES 0x200
/* an extended match rule that always fails to match */
#define SAMBA_LDAP_MATCH_ALWAYS_FALSE "1.3.6.1.4.1.7165.4.5.1"
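Review bot: The comment on `LDB_FLAG_INTERNAL_SHARED_VALUES` says the shared values "should not be freed", but the comment inside `ldb_msg_copy_shallow` describes the flag as guarding against both modifying and freeing them. Code that later tests this flag will be written against the header text, so the two should agree; I would word it as `... and must not be modified in place or freed through this element`. It is also worth stating here that only the borrowing element carries the flag, so the element that owns the values gives no indication that they are referenced elsewhere.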