| commit | c64b48b2b2652d6a8241105d570904219a98d226 | |
| author | Andrew Bartlett <abartlet@samba.org> | |
| Thu, 2 Mar 2023 03:31:17 +0000 (2 16:31 +1300) | ||
| committer | Jule Anger <janger@samba.org> | |
| Mon, 20 Mar 2023 09:03:38 +0000 (20 10:03 +0100) | ||
| tree | c2d8102711b54eb8defd3f30819e5cde224a3dbc | treesnapshot (tar.gz zip) |
| parent | 1cfaa078ffcbd915f8494cd98b375dd2598010ec | commitdiff |
CVE-2023-0614 dsdb: Add DSDB_MARK_REQ_UNTRUSTED
This will allow our dsdb helper search functions to mark the new
request as untrusted, forcing read ACL evaluation (per current behaviour).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
[abartlet@samba.org adapted due to Samba 4.16 and lower
not having the patches for CVE-2022-32743]
This will allow our dsdb helper search functions to mark the new
request as untrusted, forcing read ACL evaluation (per current behaviour).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
[abartlet@samba.org adapted due to Samba 4.16 and lower
not having the patches for CVE-2022-32743]
| source4/dsdb/common/util.c | diffblobblamehistory | |
| source4/dsdb/common/util.h | diffblobblamehistory |