sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-03 13:47:25 +03:00
Code

CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for passwordAttr->num_values

Browse Source 
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Ralph Boehme 2018-02-15 14:40:59 +01:00 committed by Stefan Metzmacher
parent b23bf04cae
commit c653e51a3d
1 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
source4/dsdb/samdb/ldb_modules/password_hash.c
View File

@ -4247,6 +4247,7 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r
while ((passwordAttr = ldb_msg_find_element(msg, *l)) != NULL) {
unsigned int mtype = LDB_FLAG_MOD_TYPE(passwordAttr->flags);
unsigned int nvalues = passwordAttr->num_values;
if (mtype == LDB_FLAG_MOD_DELETE) {
++del_attr_cnt;
@ -4257,18 +4258,14 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r
if (mtype == LDB_FLAG_MOD_REPLACE) {
++rep_attr_cnt;
}
if ((passwordAttr->num_values != 1) &&
(mtype == LDB_FLAG_MOD_ADD))
{
if ((nvalues != 1) && (mtype == LDB_FLAG_MOD_ADD)) {
talloc_free(ac);
ldb_asprintf_errstring(ldb,
"'%s' attribute must have exactly one value on add operations!",
*l);
return LDB_ERR_CONSTRAINT_VIOLATION;
}
if ((passwordAttr->num_values > 1) &&
(mtype == LDB_FLAG_MOD_DELETE))
{
if ((nvalues > 1) && (mtype == LDB_FLAG_MOD_DELETE)) {
talloc_free(ac);
ldb_asprintf_errstring(ldb,
"'%s' attribute must have zero or one value(s) on delete operations!",