CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected...

author Andrew Bartlett <abartlet@samba.org>

Tue, 26 Nov 2019 02:44:32 +0000 (15:44 +1300)

committer Karolin Seeger <kseeger@samba.org>

Tue, 21 Jan 2020 10:11:38 +0000 (10:11 +0000)
author Andrew Bartlett <abartlet@samba.org>
Tue, 26 Nov 2019 02:44:32 +0000 (15:44 +1300)
committer Karolin Seeger <kseeger@samba.org>
Tue, 21 Jan 2020 10:11:38 +0000 (10:11 +0000)
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c

index 9018b750ab5837e2adc4a4bb2ed17aa1eb1a1579..fb2854438e1e95908f777a8e6d24e40763ceebe9 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -1199,6 +1199,9 @@ static int descriptor_sd_propagation_recursive(struct ldb_module *module,
          * LDB_SCOPE_SUBTREE searches are expensive.
          *
          * Note: that we do not search for deleted/recycled objects
+        *
+        * We know this is safe against a rename race as we are in the
+        * prepare_commit(), so must be in a transaction.
          */
         ret = dsdb_module_search(module,
                                  change,
author	Andrew Bartlett <abartlet@samba.org>
	Tue, 26 Nov 2019 02:44:32 +0000 (15:44 +1300)
committer	Karolin Seeger <kseeger@samba.org>
	Tue, 21 Jan 2020 10:11:38 +0000 (10:11 +0000)