From ca5cf8d35b9756c9d65831718c5032533612c94a Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Tue, 15 Sep 2020 13:19:14 +0200
Subject: [PATCH] CVE-2020-25717 wb_sids2xids: move more checks to wb_sids2xids_next_sids2unix()

For the first run this is a no-op, but it simplified the caller. We'll call wb_sids2xids_next_sids2unix() in a few more places in future and it's easier to have this all within wb_sids2xids_next_sids2unix().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher
Reviewed-by: Gary Lockyer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
(cherry picked from commit 231c8d04b19a1c17937f988d142ca5c0f889d4e0)
---
 source3/winbindd/wb_sids2xids.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/source3/winbindd/wb_sids2xids.c b/source3/winbindd/wb_sids2xids.c
index 2a30eee2c7b..b934425f4fd 100644
--- a/source3/winbindd/wb_sids2xids.c
+++ b/source3/winbindd/wb_sids2xids.c
@@ -309,6 +309,13 @@ static void wb_sids2xids_next_sids2unix(struct tevent_req *req)
 struct tevent_req *subreq = NULL;
 struct dcerpc_binding_handle *child_binding_handle = NULL;
 
+ state->tried_dclookup = false;
+
+ if (state->dom_index == state->idmap_doms.count) {
+ tevent_req_done(req);
+ return;
+ }
+
 state->dom_ids = wb_sids2xids_extract_for_domain_index(
 state, &state->ids, state->dom_index);
 if (tevent_req_nomem(state->dom_ids, req)) {
@@ -413,12 +420,6 @@ static void wb_sids2xids_done(struct tevent_req *subreq)
 TALLOC_FREE(state->dom_ids);
 
 state->dom_index += 1;
- state->tried_dclookup = false;
-
- if (state->dom_index == state->idmap_doms.count) {
- tevent_req_done(req);
- return;
- }
 
 wb_sids2xids_next_sids2unix(req);
 }
-- 
2.47.2
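Review bot: The early exit added at the top of wb_sids2xids_next_sids2unix() means the function can now call tevent_req_done() and return without issuing any subrequest, and nothing in the hunk documents that for callers. The commit message says more call sites will follow; any that sit on the _send path (not visible here) would presumably need `if (!tevent_req_is_in_progress(req)) { return tevent_req_post(req, ev); }` after the call, otherwise the request completes before its creator has set a callback. I would add a comment above the new check along the lines of `/* May complete req synchronously; callers must check tevent_req_is_in_progress() before continuing */`. The bound test also uses `==`, so `if (state->dom_index >= state->idmap_doms.count) {` would be the more defensive form if dom_index could ever pass the count before reaching wb_sids2xids_extract_for_domain_index(). The function body starts and ends outside the hunk.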