CVE-2020-25722 s4/dsdb/samldb: unique_attr_check uses samldb_get_single_valued_attr()
authorDouglas Bagnall <douglas.bagnall@catalyst.net.nz>
Fri, 22 Oct 2021 00:16:30 +0000 (13:16 +1300)
committerJule Anger <janger@samba.org>
Mon, 8 Nov 2021 09:52:11 +0000 (10:52 +0100)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/dsdb/samdb/ldb_modules/samldb.c

index 40dfab6390b072995d76e9dc0ad3ec533a45fd3e..a03fc6eb07c6230b5f9711549f7e878c470de0fe 100644 (file)
@@ -216,37 +216,21 @@ static int samldb_unique_attr_check(struct samldb_ctx *ac, const char *attr,
 {
        struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
        const char * const no_attrs[] = { NULL };
-       struct ldb_result *res;
-       const char *enc_str;
-       struct ldb_message_element *el;
+       struct ldb_result *res = NULL;
+       const char *str = NULL;
+       const char *enc_str = NULL;
        int ret;
 
-       el = dsdb_get_single_valued_attr(ac->msg, attr,
-                                        ac->req->operation);
-       if (el == NULL) {
-               /* we are not affected */
-               return LDB_SUCCESS;
-       }
-
-       if (el->num_values > 1) {
-               ldb_asprintf_errstring(ldb,
-                                      "samldb: %s has %u values, should be single-valued!",
-                                      attr, el->num_values);
-               return LDB_ERR_CONSTRAINT_VIOLATION;
-       } else if (el->num_values == 0) {
-               ldb_asprintf_errstring(ldb,
-                                      "samldb: new value for %s not provided for mandatory, single-valued attribute!",
-                                      attr);
-               return LDB_ERR_OBJECT_CLASS_VIOLATION;
+       ret = samldb_get_single_valued_attr(ldb, ac, attr, &str);
+       if (ret != LDB_SUCCESS) {
+               return ret;
        }
-       if (el->values[0].length == 0) {
-               ldb_asprintf_errstring(ldb,
-                                      "samldb: %s is of zero length, should have a value!",
-                                      attr);
-               return LDB_ERR_OBJECT_CLASS_VIOLATION;
+       if (str == NULL) {
+               /* the attribute wasn't found */
+               return LDB_SUCCESS;
        }
-       enc_str = ldb_binary_encode(ac, el->values[0]);
 
+       enc_str = ldb_binary_encode_string(ac, str);
        if (enc_str == NULL) {
                return ldb_module_oom(ac->module);
        }
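Review bot: The new `ldb_binary_encode_string(ac, str)` call builds the uniqueness filter from a NUL-terminated string, whereas the removed `ldb_binary_encode(ac, el->values[0])` encoded the whole length-carrying `ldb_val`. If `samldb_get_single_valued_attr()` (not visible in this hunk) returns the raw value data without rejecting embedded NUL bytes, the value searched for could be shorter than the value that is eventually stored, and the uniqueness check would then compare the wrong string. I would either have the helper hand back the `struct ldb_val` so the encoding stays length-aware, or state the contract above the call, e.g. `/* str is NUL-terminated; the helper must reject values with embedded NULs */`. The multi-value, missing-value and zero-length rejections also move into the helper, so it is worth confirming it still returns `LDB_ERR_CONSTRAINT_VIOLATION` and `LDB_ERR_OBJECT_CLASS_VIOLATION` for those cases. The body of `samldb_unique_attr_check` starts above the hunk and continues below it.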