CVE-2020-25722 s4/dsdb/pwd_hash: rework pwdLastSet bypass
commit bed2ea1d378f31e3d071a7a5d4c80cd9cc1c9894
author Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Wed, 20 Oct 2021 04:20:54 +0000 (20 17:20 +1300)
committer Jule Anger <janger@samba.org>
Mon, 8 Nov 2021 09:52:11 +0000 (8 10:52 +0100)
tree 5dfd5a9bf6d1e56c19548ca33a000fb0acc027c4
parent b8424fad4234fa422436b5a704c017bd9d7e3913
CVE-2020-25722 s4/dsdb/pwd_hash: rework pwdLastSet bypass

This tightens the logic a bit, in that a message with trailing DELETE
elements is no longer accepted when the bypass flag is set. In any case
this is an unlikely scenario as this is an internal flag set by a private
control in pdb_samba_dsdb_replace_by_sam().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14876

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/dsdb/samdb/ldb_modules/password_hash.c