From: Joseph Sutton Date: Tue, 21 Jun 2022 03:22:47 +0000 (+1200) Subject: CVE-2022-32746 s4/dsdb/acl: Fix LDB flags comparison X-Git-Tag: ldb-2.3.4~9 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0526d27e9eddd9c2a54434cf0dcdb136a6c659e4;p=thirdparty%2Fsamba.git CVE-2022-32746 s4/dsdb/acl: Fix LDB flags comparison LDB_FLAG_MOD_* values are not actually flags, and the previous comparison was equivalent to (el->flags & LDB_FLAG_MOD_MASK) == 0 which is only true if none of the LDB_FLAG_MOD_* values are set, so we would not successfully return if the element was a DELETE. Correct the expression to what it was intended to be. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009 Signed-off-by: Joseph Sutton --- diff --git a/selftest/knownfail.d/acl-spn-delete b/selftest/knownfail.d/acl-spn-delete deleted file mode 100644 index 32018413c49..00000000000 --- a/selftest/knownfail.d/acl-spn-delete +++ /dev/null @@ -1 +0,0 @@ -^samba4.ldap.acl.python.*__main__.AclSPNTests.test_delete_disallowed_spn\( diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index 21e83276bfd..8016a2d4bd0 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -734,8 +734,9 @@ static int acl_check_spn(TALLOC_CTX *mem_ctx, * If not add or replace (eg delete), * return success */ - if ((el->flags - & (LDB_FLAG_MOD_ADD|LDB_FLAG_MOD_REPLACE)) == 0) { + if (LDB_FLAG_MOD_TYPE(el->flags) != LDB_FLAG_MOD_ADD && + LDB_FLAG_MOD_TYPE(el->flags) != LDB_FLAG_MOD_REPLACE) + { talloc_free(tmp_ctx); return LDB_SUCCESS; }
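Review bot: The deletion of selftest/knownfail.d/acl-spn-delete is the only test evidence in this commit, and the commit message never names the test. Add a line to the message saying that `samba4.ldap.acl.python` `AclSPNTests.test_delete_disallowed_spn` now passes, so the link between the fix and the test can be found from the log without opening the diff.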
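Review bot: In the acl_check_spn() hunk of source4/dsdb/samdb/ldb_modules/acl.c, the new condition expands `LDB_FLAG_MOD_TYPE(el->flags)` twice and leaves the comment above it ("If not add or replace (eg delete), return success") unchanged. That comment does not say why a bitwise test is wrong here. Store the type once in a local, for example `unsigned int mod_type = LDB_FLAG_MOD_TYPE(el->flags);`, and compare that, or use a `switch` on it so the modification types that continue to the SPN checks are listed in one place. Extend the comment to state that the LDB_FLAG_MOD_* values are not bit flags, as the commit message explains. This guards against the `&` comparison being reintroduced later. The opening brace on its own line after the two-line condition is a style point to check against the surrounding file.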