From: Alexander Bokovoy <ab@samba.org>
Date: Thu, 18 Jun 2020 07:45:41 +0000 (+0300)
Subject: ldb_ldap: fix off-by-one increment in lldb_add_msg_attr
X-Git-Tag: samba-4.11.10~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9e819be438ae8dd501474e62faf8cf71bd187aa8;p=thirdparty%2Fsamba.git

ldb_ldap: fix off-by-one increment in lldb_add_msg_attr

Fix regression introduced by commit ce2bf5c72b6423fff680b3d6a9042103a6cdda55

lldb_add_msg_attr() calls ldb_msg_add_empty() which, in turn, calls
calls _ldb_msg_add_el() which already increments msg->num_elements by one.

As a result, msg->num_elements is bigger than the actual number of
elements and any iteration over elements would step over elements array
boundary.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14413
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jun 19 08:35:33 UTC 2020 on sn-devel-184

(cherry picked from commit 990a0fc4a0481aed817fad7575d8df453fbe7af9)

Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-11-test): Wed Jun 24 12:39:28 UTC 2020 on sn-devel-184
---

diff --git a/lib/ldb/ldb_ldap/ldb_ldap.c b/lib/ldb/ldb_ldap/ldb_ldap.c
index d7222997732..0531f8a62ae 100644
--- a/lib/ldb/ldb_ldap/ldb_ldap.c
+++ b/lib/ldb/ldb_ldap/ldb_ldap.c
@@ -176,8 +176,6 @@ static int lldb_add_msg_attr(struct ldb_context *ldb,
 		el->num_values++;
 	}
 
-	msg->num_elements++;
-
 	return 0;
 }