From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Tue, 14 Jun 2022 09:12:39 +0000 (+1200)
Subject: CVE-2022-32746 s4/registry: Use LDB_FLAG_MOD_TYPE() for flags equality check
X-Git-Tag: ldb-2.3.4~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=49dd9042f4ee380fa1dafcebcb54d0e1f0852463;p=thirdparty%2Fsamba.git

CVE-2022-32746 s4/registry: Use LDB_FLAG_MOD_TYPE() for flags equality check

Now unrelated flags will no longer affect the result.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
---

diff --git a/source4/lib/registry/ldb.c b/source4/lib/registry/ldb.c
index e089355975b..db383a560da 100644
--- a/source4/lib/registry/ldb.c
+++ b/source4/lib/registry/ldb.c
@@ -859,7 +859,7 @@ static WERROR ldb_set_value(struct hive_key *parent,
 
 	/* Try first a "modify" and if this doesn't work do try an "add" */
 	for (i = 0; i < msg->num_elements; i++) {
-		if (msg->elements[i].flags != LDB_FLAG_MOD_DELETE) {
+		if (LDB_FLAG_MOD_TYPE(msg->elements[i].flags) != LDB_FLAG_MOD_DELETE) {
 			msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
 		}
 	}