1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

CVE-2020-10730: lib ldb: Check if ldb_lock_backend_callback called twice

Prevent use after free issues if ldb_lock_backend_callback is called
twice, usually due to ldb_module_done being called twice. This can happen if a
module ignores the return value from function a function that calls
ldb_module_done as part of it's error handling.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Gary Lockyer 2020-05-13 10:56:56 +12:00 committed by Karolin Seeger
parent f88b69f543
commit d8b9bb274b

View File

@ -1018,6 +1018,13 @@ static int ldb_lock_backend_callback(struct ldb_request *req,
struct ldb_db_lock_context *lock_context;
int ret;
if (req->context == NULL) {
/*
* The usual way to get here is to ignore the return codes
* and continuing processing after an error.
*/
abort();
}
lock_context = talloc_get_type(req->context,
struct ldb_db_lock_context);
@ -1032,7 +1039,7 @@ static int ldb_lock_backend_callback(struct ldb_request *req,
* If this is a LDB_REPLY_DONE or an error, unlock the
* DB by calling the destructor on this context
*/
talloc_free(lock_context);
TALLOC_FREE(req->context);
return ret;
}