CVE-2023-0614 ldb: Add functions for handling inaccessible message elements

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/lib/ldb/ABI/ldb-2.8.0.sigs b/lib/ldb/ABI/ldb-2.8.0.sigs
index b53c9925cde21ea820e4da36d38203366cd11adf..3e2c9262d967e16e8d7d3d783356407b788d7193 100644 (file)
--- a/lib/ldb/ABI/ldb-2.8.0.sigs
+++ b/lib/ldb/ABI/ldb-2.8.0.sigs
@@ -174,6 +174,8 @@ ldb_msg_element_add_value: int (TALLOC_CTX *, struct ldb_message_element *, cons
 ldb_msg_element_compare: int (struct ldb_message_element *, struct ldb_message_element *)
 ldb_msg_element_compare_name: int (struct ldb_message_element *, struct ldb_message_element *)
 ldb_msg_element_equal_ordered: bool (const struct ldb_message_element *, const struct ldb_message_element *)
+ldb_msg_element_is_inaccessible: bool (const struct ldb_message_element *)
+ldb_msg_element_mark_inaccessible: void (struct ldb_message_element *)
 ldb_msg_find_attr_as_bool: int (const struct ldb_message *, const char *, int)
 ldb_msg_find_attr_as_dn: struct ldb_dn *(struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, const char *)
 ldb_msg_find_attr_as_double: double (const struct ldb_message *, const char *, double)
@@ -191,6 +193,7 @@ ldb_msg_new: struct ldb_message *(TALLOC_CTX *)
 ldb_msg_normalize: int (struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_message **)
 ldb_msg_remove_attr: void (struct ldb_message *, const char *)
 ldb_msg_remove_element: void (struct ldb_message *, struct ldb_message_element *)
+ldb_msg_remove_inaccessible: void (struct ldb_message *)
 ldb_msg_rename_attr: int (struct ldb_message *, const char *, const char *)
 ldb_msg_sanity_check: int (struct ldb_context *, const struct ldb_message *)
 ldb_msg_sort_elements: void (struct ldb_message *)

diff --git a/lib/ldb/common/ldb_msg.c b/lib/ldb/common/ldb_msg.c
index c3db513425e2ac2b50c124fcbacb1000b29865c9..3f4f5ac90f12dcbb63eb7d10deece64d08dd94b9 100644 (file)
--- a/lib/ldb/common/ldb_msg.c
+++ b/lib/ldb/common/ldb_msg.c
@@ -795,6 +795,32 @@ int ldb_msg_element_compare_name(struct ldb_message_element *el1,
        return ldb_attr_cmp(el1->name, el2->name);
 }
 
+void ldb_msg_element_mark_inaccessible(struct ldb_message_element *el)
+{
+       el->flags |= LDB_FLAG_INTERNAL_INACCESSIBLE_ATTRIBUTE;
+}
+
+bool ldb_msg_element_is_inaccessible(const struct ldb_message_element *el)
+{
+       return (el->flags & LDB_FLAG_INTERNAL_INACCESSIBLE_ATTRIBUTE) != 0;
+}
+
+void ldb_msg_remove_inaccessible(struct ldb_message *msg)
+{
+       unsigned i;
+       unsigned num_del = 0;
+
+       for (i = 0; i < msg->num_elements; ++i) {
+               if (ldb_msg_element_is_inaccessible(&msg->elements[i])) {
+                       ++num_del;
+               } else if (num_del) {
+                       msg->elements[i - num_del] = msg->elements[i];
+               }
+       }
+
+       msg->num_elements -= num_del;
+}
+
 /*
   convenience functions to return common types from a message
   these return the first value if the attribute is multi-valued

diff --git a/lib/ldb/include/ldb_module.h b/lib/ldb/include/ldb_module.h
index 7de4924f309f4cc35544fcef03a7ff9985d7fcdb..8449294744d8aa142b3d7d0bc30d942019f9ccad 100644 (file)
--- a/lib/ldb/include/ldb_module.h
+++ b/lib/ldb/include/ldb_module.h
@@ -513,6 +513,10 @@ struct ldb_extended_match_rule
 int ldb_register_extended_match_rule(struct ldb_context *ldb,
                                     const struct ldb_extended_match_rule *rule);
 
+void ldb_msg_element_mark_inaccessible(struct ldb_message_element *el);
+bool ldb_msg_element_is_inaccessible(const struct ldb_message_element *el);
+void ldb_msg_remove_inaccessible(struct ldb_message *msg);
+
 /*
  * these pack/unpack functions are exposed in the library for use by
  * ldb tools like ldbdump and for use in tests,