CVE-2020-10730: dsdb: Ban the combination of paged_results and VLV
authorAndrew Bartlett <abartlet@samba.org>
Wed, 6 May 2020 04:18:19 +0000 (16:18 +1200)
committerKarolin Seeger <kseeger@samba.org>
Tue, 30 Jun 2020 10:52:13 +0000 (12:52 +0200)
This (two different paging controls) makes no sense and fails against
Windows Server 1709.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
source4/dsdb/samdb/ldb_modules/paged_results.c

index f720a2e43375523e9b920b03e2f812075f3abb06..aa49a6e4aa56064a7eb130099a3e951b3046cfb0 100644 (file)
@@ -589,6 +589,7 @@ static int paged_search(struct ldb_module *module, struct ldb_request *req)
 {
        struct ldb_context *ldb;
        struct ldb_control *control;
+       struct ldb_control *vlv_control;
        struct private_data *private_data;
        struct ldb_paged_control *paged_ctrl;
        struct ldb_request *search_req;
@@ -612,6 +613,15 @@ static int paged_search(struct ldb_module *module, struct ldb_request *req)
        private_data = talloc_get_type(ldb_module_get_private(module),
                                        struct private_data);
 
+       vlv_control = ldb_request_get_control(req, LDB_CONTROL_VLV_REQ_OID);
+       if (vlv_control != NULL) {
+               /*
+                * VLV and paged_results are not allowed at the same
+                * time
+                */
+               return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;
+       }
+
        ac = talloc_zero(req, struct paged_context);
        if (ac == NULL) {
                ldb_set_errstring(ldb, "Out of Memory");
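Review bot: The new rejection path at `return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION;` returns without setting an error string, while the allocation-failure path directly below it calls `ldb_set_errstring(ldb, "Out of Memory")`. A client, or an administrator reading server logs, sees only the bare result code and cannot tell that the request was refused for combining the two controls. Consider adding `ldb_set_errstring(ldb, "paged_results and VLV controls cannot be used together");` before the return, assuming `ldb` is already assigned at this point (the assignment is not visible in the hunk). The comment could also cite bug 14364 so the reason for the ban survives later refactoring. paged_search starts and ends outside the hunk.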