CVE-2020-10730: vlv: Do not re-ASQ search the results of an ASQ search with VLV
author Andrew Bartlett <abartlet@samba.org>
Tue, 5 May 2020 00:55:57 +0000 (12:55 +1200)
committer Karolin Seeger <kseeger@samba.org>
Thu, 2 Jul 2020 09:01:40 +0000 (09:01 +0000)
This is a silly combination, but at least try and keep the results sensible
and avoid a double-dereference.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
source4/dsdb/samdb/ldb_modules/vlv_pagination.c

index 31e64b4bd7802317627fd1cf822eb5bbaae794c4..d58a62482c9de63b09112b8ae840932e272be9b9 100644 (file)
@@ -682,10 +682,21 @@ vlv_copy_down_controls(TALLOC_CTX *mem_ctx, struct ldb_control **controls)
                if (control->oid == NULL) {
                        break;
                }
+               /*
+                * Do not re-use VLV, nor the server-sort, both are
+                * already handled here.
+                */
                if (strcmp(control->oid, LDB_CONTROL_VLV_REQ_OID) == 0 ||
                    strcmp(control->oid, LDB_CONTROL_SERVER_SORT_OID) == 0) {
                        continue;
                }
+               /*
+                * ASQ changes everything, do not copy it down for the
+                * per-GUID search
+                */
+               if (strcmp(control->oid, LDB_CONTROL_ASQ_OID) == 0) {
+                       continue;
+               }
                new_controls[j] = talloc_steal(new_controls, control);
                j++;
        }
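Review bot: The comment above the new LDB_CONTROL_ASQ_OID check in vlv_copy_down_controls() says only that "ASQ changes everything", which does not tell a later reader what goes wrong if the control is copied down. The commit message gives the actual reason (the per-GUID search would apply ASQ again to results that already came from an ASQ search, a double-dereference), so I would put that in the comment together with the bug reference. The three skipped OIDs could also share one condition or a small helper so the exclusion list lives in one place. No test for the VLV plus ASQ combination is visible in this diff; a regression test that sends both controls in one search would keep this from coming back.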