From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 26 Nov 2019 02:44:32 +0000 (+1300)
Subject: CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected... 
X-Git-Tag: samba-4.9.18~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=17215b36b22d309a58a3b7bd08123f06e89657c9;p=thirdparty%2Fsamba.git

CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected by a transaction

This means we can trust the DB did not change between the two search
requests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index 9018b750ab5..fb2854438e1 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -1199,6 +1199,9 @@ static int descriptor_sd_propagation_recursive(struct ldb_module *module,
 	 * LDB_SCOPE_SUBTREE searches are expensive.
 	 *
 	 * Note: that we do not search for deleted/recycled objects
+	 *
+	 * We know this is safe against a rename race as we are in the
+	 * prepare_commit(), so must be in a transaction.
 	 */
 	ret = dsdb_module_search(module,
 				 change,