From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Thu, 12 Aug 2021 09:53:16 +0000 (+1200)
Subject: CVE-2020-25722 s4/cracknames: add comment pointing to samldb spn handling
X-Git-Tag: samba-4.13.14~118
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4b5a370e896c5517946fd1636cc890bb7bca549b;p=thirdparty%2Fsamba.git

CVE-2020-25722 s4/cracknames: add comment pointing to samldb spn handling

These need to stay a little bit in sync. The reverse comment is there.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index 235276bc4c8..5af62f0b71e 100644
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -79,6 +79,12 @@ static enum drsuapi_DsNameStatus LDB_lookup_spn_alias(struct ldb_context *ldb_ct
 						      const char *alias_from,
 						      char **alias_to)
 {
+	/*
+	 * Some of the logic of this function is mirrored in find_spn_alias()
+	 * in source4/dsdb.samdb/ldb_modules/samldb.c. If you change this to
+	 * not return the first matched alias, you will need to rethink that
+	 * function too.
+	 */
 	unsigned int i;
 	int ret;
 	struct ldb_result *res;