From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Fri, 15 Mar 2024 02:03:44 +0000 (+1300)
Subject: ldb:ldb_dn: use safe transitive comparison in ldb_dn_compare()
X-Git-Tag: tdb-1.4.11~1401
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8cf77b5775a314b606bf870f99695a45cfbbd084;p=thirdparty%2Fsamba.git

ldb:ldb_dn: use safe transitive comparison in ldb_dn_compare()

The comparison we make is unconventional, and makes no difference in
normal usage, where we just want to know whether two DNs are the same
or not. But with over 100 callers, it is possible that something
somewhere is attempting a sort.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/lib/ldb/common/ldb_dn.c b/lib/ldb/common/ldb_dn.c
index 601da57a1b1..3c331cc645c 100644
--- a/lib/ldb/common/ldb_dn.c
+++ b/lib/ldb/common/ldb_dn.c
@@ -1156,8 +1156,15 @@ int ldb_dn_compare(struct ldb_dn *dn0, struct ldb_dn *dn1)
 
 	}
 
-	if (dn0->comp_num != dn1->comp_num) {
-		return (dn1->comp_num - dn0->comp_num);
+	/*
+	 * Notice that for comp_num, Samba reverses the usual order of
+	 * comparison. A DN with fewer components is greater than one
+	 * with more.
+	 */
+	if (dn0->comp_num > dn1->comp_num) {
+		return -1;
+	} else if (dn0->comp_num < dn1->comp_num) {
+		return 1;
 	}
 
 	if (dn0->comp_num == 0) {