1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

CVE-2021-3670 ldap_server: Set timeout on requests based on MaxQueryDuration

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 86fe9d4888)
This commit is contained in:
Joseph Sutton 2021-08-26 13:53:23 +12:00 committed by Jule Anger
parent dc71ae1778
commit f72090064b

View File

@ -869,7 +869,17 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
}
}
ldb_set_timeout(samdb, lreq, req->timelimit);
{
time_t timeout = call->conn->limits.search_timeout;
if (timeout == 0
|| (req->timelimit != 0
&& req->timelimit < timeout))
{
timeout = req->timelimit;
}
ldb_set_timeout(samdb, lreq, timeout);
}
if (!call->conn->is_privileged) {
ldb_req_mark_untrusted(lreq);