From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 10 Sep 2020 21:06:02 +0000 (+0200)
Subject: CVE-2020-25717 wb_sids2xids: fill cache as soon as possible
X-Git-Tag: samba-4.13.14~243
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=69c53f9c3174b0a93a425dbdf80d6cb8f5722ec3;p=thirdparty%2Fsamba.git

CVE-2020-25717 wb_sids2xids: fill cache as soon as possible

After adding entries to the cache we can mark them
as filled from the cache by setting its domain_index
to UINT32_MAX.

This will allow further changes to fill the results
into state->all_ids in steps.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 3f4626ea6d235470195918b77af35ac2cfeb227c)
---

diff --git a/source3/winbindd/wb_sids2xids.c b/source3/winbindd/wb_sids2xids.c
index cdbc70a0b49..21bf5f901f3 100644
--- a/source3/winbindd/wb_sids2xids.c
+++ b/source3/winbindd/wb_sids2xids.c
@@ -455,6 +455,8 @@ static void wb_sids2xids_done(struct tevent_req *subreq)
 		if (src->ids[si].xid.type != ID_TYPE_NOT_SPECIFIED) {
 			dst->ids[di].xid  = src->ids[si].xid;
 		}
+		dst->ids[di].domain_index = UINT32_MAX; /* mark as valid */
+		idmap_cache_set_sid2unixid(&state->sids[di], &dst->ids[di].xid);
 	}
 
 	state->map_ids_in.num_ids = 0;
@@ -547,9 +549,6 @@ NTSTATUS wb_sids2xids_recv(struct tevent_req *req,
 
 	for (i=0; i<state->num_sids; i++) {
 		xids[i] = state->all_ids.ids[i].xid;
-		if (state->all_ids.ids[i].domain_index != UINT32_MAX) {
-			idmap_cache_set_sid2unixid(&state->sids[i], &xids[i]);
-		}
 	}
 
 	return NT_STATUS_OK;