From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Tue, 2 Aug 2022 02:40:01 +0000 (+1200)
Subject: CVE-2021-20251 dsdb/common: Remove transaction logic from samdb_set_password()
X-Git-Tag: talloc-2.4.0~1059
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7981cba87e3a7256b12bfc5fdd89b136c12979ff;p=thirdparty%2Fsamba.git

CVE-2021-20251 dsdb/common: Remove transaction logic from samdb_set_password()

All of its callers, where necessary, take out a transaction covering the
entire password set or change operation, so a transaction is no longer
needed here.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index aff31ac8651..be0a2cd4a33 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -2414,7 +2414,10 @@ static NTSTATUS samdb_set_password_internal(struct ldb_context *ldb, TALLOC_CTX
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	ret = dsdb_autotransaction_request(ldb, req);
+	ret = ldb_request(ldb, req);
+	if (ret == LDB_SUCCESS) {
+		ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+	}
 
 	if (req->context != NULL) {
 		struct ldb_control *control = talloc_get_type_abort(req->context,