git.samba.org
/
samba.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(from parent 1:
febe15a
)
CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected...
author
Andrew Bartlett
<abartlet@samba.org>
Tue, 26 Nov 2019 02:44:32 +0000
(15:44 +1300)
committer
Karolin Seeger
<kseeger@samba.org>
Tue, 21 Jan 2020 10:11:38 +0000
(10:11 +0000)
This means we can trust the DB did not change between the two search
requests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
source4/dsdb/samdb/ldb_modules/descriptor.c
patch
|
blob
|
history
diff --git
a/source4/dsdb/samdb/ldb_modules/descriptor.c
b/source4/dsdb/samdb/ldb_modules/descriptor.c
index 9018b750ab5837e2adc4a4bb2ed17aa1eb1a1579..fb2854438e1e95908f777a8e6d24e40763ceebe9 100644
(file)
--- a/
source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/
source4/dsdb/samdb/ldb_modules/descriptor.c
@@
-1199,6
+1199,9
@@
static int descriptor_sd_propagation_recursive(struct ldb_module *module,
* LDB_SCOPE_SUBTREE searches are expensive.
*
* Note: that we do not search for deleted/recycled objects
+ *
+ * We know this is safe against a rename race as we are in the
+ * prepare_commit(), so must be in a transaction.
*/
ret = dsdb_module_search(module,
change,