From edac27f5408191567233983562091484ebbbad0a Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 26 Jun 2023 15:14:24 +0200
Subject: [PATCH] CVE-2018-14628: s4:dsdb: remove unused code in
dirsync_filter_entry()
This makes the next change easier to understand.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 498542be0bbf4f26558573c1f87b77b8e3509371)
CVE: CVE-2018-14628
Upstream-Status: Backport [https://github.com/samba-team/samba/commit/edac27f5408191567233983562091484ebbbad0a]
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
---
source4/dsdb/samdb/ldb_modules/dirsync.c | 53 +++---------------------
1 file changed, 5 insertions(+), 48 deletions(-)
diff --git a/source4/dsdb/samdb/ldb_modules/dirsync.c b/source4/dsdb/samdb/ldb_modules/dirsync.c
index e61ade8..e7fb27f 100644
--- a/source4/dsdb/samdb/ldb_modules/dirsync.c
+++ b/source4/dsdb/samdb/ldb_modules/dirsync.c
@@ -152,10 +152,6 @@ static int dirsync_filter_entry(struct ldb_request *req,
* list only the attribute that have been modified since last interogation
*
*/
- newmsg = ldb_msg_new(dsc->req);
- if (newmsg == NULL) {
- return ldb_oom(ldb);
- }
for (i = msg->num_elements - 1; i >= 0; i--) {
if (ldb_attr_cmp(msg->elements[i].name, "uSNChanged") == 0) {
int error = 0;
@@ -202,11 +198,6 @@ static int dirsync_filter_entry(struct ldb_request *req,
*/
return LDB_SUCCESS;
}
- newmsg->dn = ldb_dn_new(newmsg, ldb, "");
- if (newmsg->dn == NULL) {
- return ldb_oom(ldb);
- }
-
el = ldb_msg_find_element(msg, "objectGUID");
if ( el != NULL) {
guidfound = true;
@@ -217,48 +208,14 @@ static int dirsync_filter_entry(struct ldb_request *req,
* well will uncomment the code bellow
*/
SMB_ASSERT(guidfound == true);
- /*
- if (guidfound == false) {
- struct GUID guid;
- struct ldb_val *new_val;
- DATA_BLOB guid_blob;
-
- tmp[0] = '\0';
- txt = strrchr(txt, ':');
- if (txt == NULL) {
- return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
- }
- txt++;
-
- status = GUID_from_string(txt, &guid);
- if (!NT_STATUS_IS_OK(status)) {
- return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
- }
-
- status = GUID_to_ndr_blob(&guid, msg, &guid_blob);
- if (!NT_STATUS_IS_OK(status)) {
- return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
- }
-
- new_val = talloc(msg, struct ldb_val);
- if (new_val == NULL) {
- return ldb_oom(ldb);
- }
- new_val->data = talloc_steal(new_val, guid_blob.data);
- new_val->length = guid_blob.length;
- if (ldb_msg_add_value(msg, "objectGUID", new_val, NULL) != 0) {
- return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
- }
- }
- */
- ldb_msg_add(newmsg, el, LDB_FLAG_MOD_ADD);
- talloc_steal(newmsg->elements, el->name);
- talloc_steal(newmsg->elements, el->values);
-
- talloc_steal(newmsg->elements, msg);
return ldb_module_send_entry(dsc->req, msg, controls);
}
+ newmsg = ldb_msg_new(dsc->req);
+ if (newmsg == NULL) {
+ return ldb_oom(ldb);
+ }
+
ndr_err = ndr_pull_struct_blob(replMetaData, dsc, &rmd,
(ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
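Review bot: The context comment just above `SMB_ASSERT(guidfound == true);` still says the code below will be uncommented, but this hunk deletes that commented-out block, so the comment now refers to nothing. It should be reworded to state the invariant, for example `/* objectGUID is always expected in the entry on this path */`. With the fallback gone, the assert is also the only handling for an entry where `ldb_msg_find_element(msg, "objectGUID")` (previous hunk) returns NULL, and SMB_ASSERT panics the whole process rather than failing one request. Whether that state is reachable from a client search is not visible here; if it could be, `if (!guidfound) { return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); }` would fail only the single request. dirsync_filter_entry() starts and ends outside the hunk.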
--
2.40.0