mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
CVE-2020-10730: lib ldb: Check if ldb_lock_backend_callback called twice
Prevent use after free issues if ldb_lock_backend_callback is called twice, usually due to ldb_module_done being called twice. This can happen if a module ignores the return value from function a function that calls ldb_module_done as part of it's error handling. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
f88b69f543
commit
d8b9bb274b
@ -1018,6 +1018,13 @@ static int ldb_lock_backend_callback(struct ldb_request *req,
|
||||
struct ldb_db_lock_context *lock_context;
|
||||
int ret;
|
||||
|
||||
if (req->context == NULL) {
|
||||
/*
|
||||
* The usual way to get here is to ignore the return codes
|
||||
* and continuing processing after an error.
|
||||
*/
|
||||
abort();
|
||||
}
|
||||
lock_context = talloc_get_type(req->context,
|
||||
struct ldb_db_lock_context);
|
||||
|
||||
@ -1032,7 +1039,7 @@ static int ldb_lock_backend_callback(struct ldb_request *req,
|
||||
* If this is a LDB_REPLY_DONE or an error, unlock the
|
||||
* DB by calling the destructor on this context
|
||||
*/
|
||||
talloc_free(lock_context);
|
||||
TALLOC_FREE(req->context);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user