git.samba.org / samba.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e1ab0c4) | patch
CVE-2021-3670 ldb: Confirm the request has not yet timed out in ldb filter processing ldb-2.5.0
authorAndrew Bartlett <abartlet@samba.org>
Mon, 27 Sep 2021 03:47:46 +0000 (16:47 +1300)
committerDouglas Bagnall <dbagnall@samba.org>
Thu, 25 Nov 2021 01:41:30 +0000 (01:41 +0000)
commit1d5b155619bc532c46932965b215bd73a920e56f
tree3e42139286788f307f4c01457682c2ee439373cftree
parente1ab0c43629686d1d2c0b0b2bcdc90057a792049commit | diff
CVE-2021-3670 ldb: Confirm the request has not yet timed out in ldb filter processing

The LDB filter processing is where the time is spent in the LDB stack
but the timeout event will not get run while this is ongoing, so we
must confirm we have not yet timed out manually.

RN: Ensure that the LDB request has not timed out during filter processing
as the LDAP server MaxQueryDuration is otherwise not honoured.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
lib/ldb/ldb_key_value/ldb_kv.c diff | blob | history
lib/ldb/ldb_key_value/ldb_kv.h diff | blob | history
lib/ldb/ldb_key_value/ldb_kv_index.c diff | blob | history
lib/ldb/ldb_key_value/ldb_kv_search.c diff | blob | history
selftest/knownfail.d/ldap-timeout [deleted file] blob | history
Samba Shared Repository