Overview

File ldb-CVE-2020-10730.patch of Package ldb.15594

From 9d8065e62d39ad4899d88c13156456726d214250 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 11 Mar 2020 16:41:34 +1300
Subject: [PATCH] CVE-2020-10700: ldb: Always use ldb_next_request() in ASQ
 module

We want to keep going down the module stack, and not start from the top again.

ASQ is above the ACL modules, but below paged_results and we do not wish to
re-trigger that work.

Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding,
reporting and working with us to diagnose this issue!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
(cherry picked from c309e6b2a704472ab2870e226bdaa172b4bf0fb8)
---
 ldb/modules/asq.c | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git lib/ldb/modules/asq.c lib/ldb/modules/asq.c
index 7482de826f0..4eba941ae0b 100644
--- ldb/modules/asq.c
+++ ldb/modules/asq.c
@@ -311,12 +311,9 @@ static int asq_build_multiple_requests(struct asq_context *ac, bool *terminated)
 
 static int asq_search_continue(struct asq_context *ac)
 {
-	struct ldb_context *ldb;
 	bool terminated = false;
 	int ret;
 
-	ldb = ldb_module_get_ctx(ac->module);
-
 	switch (ac->step) {
 	case ASQ_SEARCH_BASE:
 
@@ -328,7 +325,7 @@ static int asq_search_continue(struct asq_context *ac)
 
 		ac->step = ASQ_SEARCH_MULTI;
 
-		return ldb_request(ldb, ac->reqs[ac->cur_req]);
+		return ldb_next_request(ac->module, ac->reqs[ac->cur_req]);
 
 	case ASQ_SEARCH_MULTI:
 
@@ -339,7 +336,7 @@ static int asq_search_continue(struct asq_context *ac)
 			return asq_search_terminate(ac);
 		}
 
-		return ldb_request(ldb, ac->reqs[ac->cur_req]);
+		return ldb_next_request(ac->module, ac->reqs[ac->cur_req]);
 	}
 
 	return LDB_ERR_OPERATIONS_ERROR;
@@ -347,14 +344,11 @@ static int asq_search_continue(struct asq_context *ac)
 
 static int asq_search(struct ldb_module *module, struct ldb_request *req)
 {
-	struct ldb_context *ldb;
 	struct ldb_request *base_req;
 	struct ldb_control *control;
 	struct asq_context *ac;
 	int ret;
 
-	ldb = ldb_module_get_ctx(module);
-
 	/* check if there's an ASQ control */
 	control = ldb_request_get_control(req, LDB_CONTROL_ASQ_OID);
 	if (control == NULL) {
@@ -385,7 +379,7 @@ static int asq_search(struct ldb_module *module, struct ldb_request *req)
 
 	ac->step = ASQ_SEARCH_BASE;
 
-	return ldb_request(ldb, base_req);
+	return ldb_next_request(ac->module, base_req);
 }
 
 static int asq_init(struct ldb_module *module)
-- 
2.25.0
openSUSE Build Service is sponsored by
Places