CVE-2023-0614 ldb: Make ldb_filter_attrs_in_place() work in place
commit f25b1756aacbaabfd75e270cc3fecbf6d17c29fd
author Joseph Sutton <josephsutton@catalyst.net.nz>
Fri, 3 Mar 2023 04:30:19 +0000 (3 17:30 +1300)
committer Andrew Bartlett <abartlet@samba.org>
Wed, 5 Apr 2023 02:10:35 +0000 (5 02:10 +0000)
tree 2641de5f80f60a41ff16db94e1a7e6eba7dd8e83
parent 131d4176044e54e0e5a94b9c57491bb1594d202c
CVE-2023-0614 ldb: Make ldb_filter_attrs_in_place() work in place

ldb_filter_attrs() previously did too much. Now its replacement,
ldb_filter_attrs_in_place(), only does the actual filtering, while
taking ownership of each element's values is handled in a separate
function, ldb_msg_elements_take_ownership().

Also, ldb_filter_attrs_in_place() no longer adds the distinguishedName
to the message if it is missing. That is handled in another function,
ldb_msg_add_distinguished_name().

As we're now modifying the original message rather than copying it into
a new one, we no longer need the filtered_msg parameter.

We adapt a test, based on ldb_filter_attrs_test, to exercise the new
function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib/ldb/ABI/ldb-2.8.0.sigs
lib/ldb/common/ldb_pack.c
lib/ldb/include/ldb_module.h
lib/ldb/tests/ldb_filter_attrs_in_place_test.c
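
The in-place filtering described in the commit message can be modelled as follows. This is an added example, not code from the Samba tree: the `toy_*` types and functions are hypothetical stand-ins for ldb's message structures, and treating a NULL list or a `"*"` entry as "keep everything" is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Simplified stand-ins for an ldb message (assumption, not libldb's types). */
struct toy_element { const char *name; const char *value; };
struct toy_message { unsigned int num_elements; struct toy_element *elements; };

/* Returns 1 if `name` is requested. Assumed here: NULL attrs or "*" keeps all. */
static int toy_attr_wanted(const char *name, const char *const *attrs)
{
	size_t i;
	if (attrs == NULL) return 1;
	for (i = 0; attrs[i] != NULL; i++) {
		if (strcmp(attrs[i], "*") == 0 || strcasecmp(attrs[i], name) == 0)
			return 1;
	}
	return 0;
}

/*
 * Filter the message in place: wanted elements are compacted to the front of
 * the existing array. No second message is allocated, no distinguishedName is
 * added and value ownership is untouched; those are separate steps.
 * Returns the number of elements removed.
 */
unsigned int toy_filter_attrs_in_place(struct toy_message *msg,
				       const char *const *attrs)
{
	unsigned int i, kept = 0, removed;
	for (i = 0; i < msg->num_elements; i++) {
		if (toy_attr_wanted(msg->elements[i].name, attrs))
			msg->elements[kept++] = msg->elements[i];
	}
	removed = msg->num_elements - kept;
	msg->num_elements = kept;
	return removed;
}

/* Constructed sample: three elements, only "cn" and "mail" requested. */
unsigned int toy_demo(void)
{
	struct toy_element els[] = {
		{ "cn", "alice" }, { "description", "constructed" },
		{ "mail", "alice@example.com" },
	};
	struct toy_message msg = { 3, els };
	const char *const attrs[] = { "CN", "mail", NULL };
	toy_filter_attrs_in_place(&msg, attrs);
	return msg.num_elements;
}

int main(void) { printf("%u elements kept\n", toy_demo()); return 0; }
```

Because the caller's message is modified directly, any element not in the requested list is gone from that message once the function returns, which is why the model needs no output parameter.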