CVE-2019-14902 dsdb: Ensure we honour both change->force_self and change->force_children

author Andrew Bartlett <abartlet@samba.org>

Fri, 6 Dec 2019 04:54:23 +0000 (17:54 +1300)

committer Karolin Seeger <kseeger@samba.org>

Fri, 10 Jan 2020 10:56:20 +0000 (11:56 +0100)
author Andrew Bartlett <abartlet@samba.org>
Fri, 6 Dec 2019 04:54:23 +0000 (17:54 +1300)
committer Karolin Seeger <kseeger@samba.org>
Fri, 10 Jan 2020 10:56:20 +0000 (11:56 +0100)
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c

index 7070affa6459c5f12a1515dd79bffbe10fb0cf0b..b9f465fc36fc64b7ffeccf3304b6d4f9237f86b5 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -1291,6 +1291,13 @@ static int descriptor_sd_propagation_recursive(struct ldb_module *module,
  
                 if (cur != NULL) {
                         DLIST_REMOVE(change->children, cur);
+               } else if (i == 0) {
+                       /*
+                        * in the change->force_self case
+                        * res->msgs[0]->elements was not overwritten,
+                        * so set cur here
+                        */
+                       cur = change;
                 }
  
                 for (c = stopped_stack; c; c = stopped_stack) {
author	Andrew Bartlett <abartlet@samba.org>
	Fri, 6 Dec 2019 04:54:23 +0000 (17:54 +1300)
committer	Karolin Seeger <kseeger@samba.org>
	Fri, 10 Jan 2020 10:56:20 +0000 (11:56 +0100)