CVE-2022-32746 s4/dsdb/acl: Fix LDB flags comparison
author Joseph Sutton <josephsutton@catalyst.net.nz>
Tue, 21 Jun 2022 03:22:47 +0000 (15:22 +1200)
committer Jule Anger <janger@samba.org>
Sun, 24 Jul 2022 09:41:53 +0000 (11:41 +0200)
commit 0526d27e9eddd9c2a54434cf0dcdb136a6c659e4
tree 4b9fae988e89ab6539cd53a3039642dcebce1b9a
parent 582ac171364f0c28f54eaf4f21b5bfa7569b5233
CVE-2022-32746 s4/dsdb/acl: Fix LDB flags comparison

LDB_FLAG_MOD_* values are not actually flags, and the previous
comparison was equivalent to

(el->flags & LDB_FLAG_MOD_MASK) == 0

which is only true if none of the LDB_FLAG_MOD_* values are set, so we
would not successfully return if the element was a DELETE. Correct the
expression to what it was intended to be.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
selftest/knownfail.d/acl-spn-delete [deleted file]
source4/dsdb/samdb/ldb_modules/acl.c
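
The following is an added example, not code from the Samba commit (whose diff is not shown on this page). It evaluates the comparison quoted in the commit message for each modify type, next to one way of writing an enumeration-style test. The constant values are reproduced from ldb.h; the function names and `EXAMPLE_OTHER_FLAG` are hypothetical.

```c
#include <stdio.h>

/* Values as in ldb.h: the modify type is a 2-bit enumeration, not a bit set. */
#define LDB_FLAG_MOD_MASK    0x3
#define LDB_FLAG_MOD_ADD     1
#define LDB_FLAG_MOD_REPLACE 2
#define LDB_FLAG_MOD_DELETE  3
#define LDB_FLAG_MOD_TYPE(flags) ((flags) & LDB_FLAG_MOD_MASK)

/* Hypothetical bit above the mask, standing in for any non-type flag. */
#define EXAMPLE_OTHER_FLAG 0x10

/* The comparison quoted in the commit message: true only if no type bits are set. */
static int not_add_or_replace_old(unsigned int flags)
{
	return (flags & LDB_FLAG_MOD_MASK) == 0;
}

/* Enumeration-style test (assumed form): extract the type, compare by equality. */
static int not_add_or_replace_fixed(unsigned int flags)
{
	unsigned int type = LDB_FLAG_MOD_TYPE(flags);

	return type != LDB_FLAG_MOD_ADD && type != LDB_FLAG_MOD_REPLACE;
}

int main(void)
{
	/* Constructed sample inputs covering each modify type. */
	static const struct { const char *name; unsigned int flags; } cases[] = {
		{ "ADD",               LDB_FLAG_MOD_ADD },
		{ "REPLACE",           LDB_FLAG_MOD_REPLACE },
		{ "DELETE",            LDB_FLAG_MOD_DELETE },
		{ "DELETE|other flag", LDB_FLAG_MOD_DELETE | EXAMPLE_OTHER_FLAG },
	};
	size_t i;

	printf("%-18s %-4s %-5s\n", "element flags", "old", "fixed");
	for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
		printf("%-18s %-4d %-5d\n", cases[i].name,
		       not_add_or_replace_old(cases[i].flags),
		       not_add_or_replace_fixed(cases[i].flags));
	}
	return 0;
}
```

Because DELETE is 3, it has both low bits set, so the mask test treats it the same as ADD and REPLACE; only the equality test distinguishes it.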