1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/lib
Joseph Sutton a7a59c540b CVE-2022-32746 ldb: Ensure shallow copy modifications do not affect original message
Using the newly added ldb flag, we can now detect when a message has
been shallow-copied so that its elements share their values with the
original message elements. Then when adding values to the copied
message, we now make a copy of the shared values array first.

This should prevent a use-after-free that occurred in LDB modules when
new values were added to a shallow copy of a message by calling
talloc_realloc() on the original values array, invalidating the 'values'
pointer in the original message element. The original values pointer can
later be used in the database audit logging module which logs database
requests, and potentially cause a crash.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-07-24 09:20:21 +02:00
..
addns build: Consolidate --with-dnsupdate with --with-ads (which implied HAVE_KRB5) 2021-03-26 04:06:41 +00:00
afs s3:param: make "servicename" a substituted option 2019-11-27 10:25:37 +00:00
async_req lib: Use FIONREAD in wait_for_read_send/recv 2021-03-16 17:09:31 +00:00
audit_logging audit_logging.c: fix compilation on macOS 2021-10-13 01:42:35 +00:00
cmdline cmdline_s4: re-initialise logging once loadparm is ready 2022-06-18 08:47:17 +00:00
compression lzxpress: avoid technically undefined shift 2020-08-31 22:31:13 +00:00
crypto lib:crypto: Add py binding for set_relax/strict fips mode 2020-10-29 14:19:36 +00:00
dbwrap lib/dbwrap: reset deleted record to tdb_null 2021-11-04 19:49:47 +00:00
fuzzing s3:rpc_server: Activate samba-dcerpcd 2021-12-10 14:02:30 +00:00
krb5_wrap lib:krb5_wrap: Fix wrong debug message and use newer debug macro 2022-02-25 17:12:17 +00:00
ldb CVE-2022-32746 ldb: Ensure shallow copy modifications do not affect original message 2022-07-24 09:20:21 +02:00
ldb-samba ldb-samba: dns tombstone matching: constrict value length 2021-07-05 04:16:34 +00:00
messaging messaging: Fix receiving file descriptors 2021-03-19 08:18:26 +00:00
mscat lib;smbd: Fix the -Os build by initializing variables 2021-08-06 17:22:30 +00:00
param docs-xml: add 'kdc enable fast' option 2022-03-14 14:27:13 +00:00
printer_driver printing: Align integer types 2021-04-01 19:32:36 +00:00
pthreadpool build: Do not build selftest binaries for builds without --enable-selftest 2019-11-22 11:48:59 +00:00
replace replace: Check for -Wuse-after-free 2022-07-18 08:47:13 +00:00
smbconf waf: add library dependency for sendfile on Solaris 2019-02-17 13:33:15 +01:00
socket lib/socket: autodetect RSS using ETHTOOL_GRXRINGS 2020-05-07 14:44:40 +00:00
talloc nsswitch: reduce dependecies to private libraries and link static/builtin if possible 2021-11-30 15:53:34 +00:00
tdb tdb: version 1.4.6 2022-01-24 11:21:32 +00:00
tdb_wrap lib: Open tdb files with O_CLOEXEC 2021-06-04 16:47:34 +00:00
tdr lib: Fix 1354521 Unchecked return value 2016-03-01 21:49:44 +01:00
tevent Fix Python docstrings 2021-09-04 00:55:32 +00:00
texpect texpect: don't ignore unknown options 2021-09-10 15:10:30 +00:00
torture lib/torture: fix subunit names of nested suites 2020-07-07 10:30:40 +00:00
tsocket selftest: test tsocket_address_inet_from_hostport_strings 2021-09-28 10:34:12 +00:00
util util: Add new debug setting debug_no_stderr_redirect 2022-06-18 08:47:17 +00:00
README various: Remove references to about to be deleted thirdparty/dnspython 2018-12-11 20:07:18 +01:00
wscript_build

compression - Various compression algorithms (MSZIP, lzxpress)
popt - Command-line option parsing library
replace - Provides replacements for standard (POSIX, C99) functions 
          not provided by the host platform.
subunit - Utilities and bindings for working with the Subunit test result 
          reporting protocol.
talloc - Hierarchical pool based memory allocator 
tdb - Simple but fast key/value database library, supporting multiple writers
torture - Simple unit testing helper library