File _service:tar_scm_kernel_repo:backport-0035-CVE-2020-25722-selftest-Ensure-check-for-duplicate-s.patch of Package samba
From 3ed16e74292058d059ae951317ca8d3b7f1f5d0e Mon Sep 17 00:00:00 2001 From: Joseph Sutton <josephsutton@catalyst.net.nz> Date: Tue, 2 Nov 2021 21:00:00 +1300 Subject: [PATCH 244/266] CVE-2020-25722 selftest: Ensure check for duplicate servicePrincipalNames is not bypassed for an add operation BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564 If one of the objectClass checks passed, samldb_add() could return through one of the samldb_fill_*() functions and skip the servicePrincipalName uniqueness checking. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Conflict:remove test Reference:https://gitlab.com/samba-team/samba/-/commit/3ed16e74292058d059ae951317ca8d3b7f1f5d0e --- source4/dsdb/samdb/ldb_modules/samldb.c | 25 ++++++++++++------------- 1 files changed, 12 insertions(+), 13 deletions(-) diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 810365ca030..f0227411ccd 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -4838,6 +4838,18 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req) } } + el = ldb_msg_find_element(ac->msg, "servicePrincipalName"); + if ((el != NULL)) { + /* + * We need to check whether the SPN collides with an existing + * one (anywhere) including via aliases. + */ + ret = samldb_spn_uniqueness_check(ac, el); + if (ret != LDB_SUCCESS) { + return ret; + } + } + if (samdb_find_attribute(ldb, ac->msg, "objectclass", "user") != NULL) { ac->type = SAMLDB_TYPE_USER; 
@@ -4936,19 +4948,6 @@ static int samldb_add(struct ldb_module *module, struct ldb_request *req) return samldb_fill_object(ac); } - - el = ldb_msg_find_element(ac->msg, "servicePrincipalName"); - if ((el != NULL)) { - /* - * We need to check whether the SPN collides with an existing - * one (anywhere) including via aliases. - */ - ret = samldb_spn_uniqueness_check(ac, el); - if (ret != LDB_SUCCESS) { - return ret; - } - } - if (samdb_find_attribute(ldb, ac->msg, "objectclass", "subnet") != NULL) { ret = samldb_verify_subnet(ac, ac->msg->dn); -- 2.23.0
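Review bot: The comment above the new samldb_spn_uniqueness_check() call in the first hunk says what is checked but not why the check has to sit at this point, ahead of the objectclass "user" branch. The commit message gives the reason (samldb_add() could return through one of the samldb_fill_*() functions and skip the check), so add a sentence to the comment saying the check must stay before any branch that returns early, so that a later refactor does not move it back. Style point on the same lines: `if ((el != NULL))` has a redundant pair of parentheses; `if (el != NULL)` is enough.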
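Review bot: In the second hunk the samldb_verify_subnet() block stays directly below `return samldb_fill_object(ac);`, the same position the servicePrincipalName check is being moved out of. Please confirm that nothing left below these early returns is validation that has to run for every object class on an add. The header also carries "Conflict:remove test" and the diffstat touches only samldb.c, so this backport ships without a regression test for the ordering; either keep the upstream test or record how the fix was verified.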