CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for LDB_FLAG_MOD_TYPE

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 2e6464f0dd1d0a552b773e479478229dd0489e87..92d5a1bde01e33cf23cd8516e85377681e8b6ca8 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -4246,17 +4246,20 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r
                }
 
                while ((passwordAttr = ldb_msg_find_element(msg, *l)) != NULL) {
-                       if (LDB_FLAG_MOD_TYPE(passwordAttr->flags) == LDB_FLAG_MOD_DELETE) {
+                       unsigned int mtype = LDB_FLAG_MOD_TYPE(passwordAttr->flags);
+
+                       if (mtype == LDB_FLAG_MOD_DELETE) {
                                ++del_attr_cnt;
                        }
-                       if (LDB_FLAG_MOD_TYPE(passwordAttr->flags) == LDB_FLAG_MOD_ADD) {
+                       if (mtype == LDB_FLAG_MOD_ADD) {
                                ++add_attr_cnt;
                        }
-                       if (LDB_FLAG_MOD_TYPE(passwordAttr->flags) == LDB_FLAG_MOD_REPLACE) {
+                       if (mtype == LDB_FLAG_MOD_REPLACE) {
                                ++rep_attr_cnt;
                        }
                        if ((passwordAttr->num_values != 1) &&
-                           (LDB_FLAG_MOD_TYPE(passwordAttr->flags) == LDB_FLAG_MOD_ADD)) {
+                           (mtype == LDB_FLAG_MOD_ADD))
+                       {
                                talloc_free(ac);
                                ldb_asprintf_errstring(ldb,
                                                       "'%s' attribute must have exactly one value on add operations!",
@@ -4264,7 +4267,8 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r
                                return LDB_ERR_CONSTRAINT_VIOLATION;
                        }
                        if ((passwordAttr->num_values > 1) &&
-                           (LDB_FLAG_MOD_TYPE(passwordAttr->flags) == LDB_FLAG_MOD_DELETE)) {
+                           (mtype == LDB_FLAG_MOD_DELETE))
+                       {
                                talloc_free(ac);
                                ldb_asprintf_errstring(ldb,
                                                       "'%s' attribute must have zero or one value(s) on delete operations!",