CVE-2022-0336: s4/dsdb/samldb: Don't return early when an SPN is re-added to an object

If an added SPN already exists on an object, we still want to check the
rest of the element values for conflicts.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14950

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

diff --git a/selftest/knownfail.d/ldap_spn b/selftest/knownfail.d/ldap_spn
index 16dafa91b665e6e838032dc933ec5ce6ebca7b75..63f9fe02ef7df4b0b9880b2ea23325df7e7954f2 100644 (file)
--- a/selftest/knownfail.d/ldap_spn
+++ b/selftest/knownfail.d/ldap_spn
@@ -1,2 +1 @@
 samba.tests.ldap_spn.+LdapSpnTest.test_spn_dodgy_spns
-samba.tests.ldap_spn.+LdapSpnSambaOnlyTest.test_spn_add_a_conflict_along_with_a_re_added_SPN

diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index f0227411ccd2c03eb35ed7a8cf570a796eaf2758..a219446bba727345ef9c2552686e377af7097716 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -4001,8 +4001,7 @@ static int samldb_spn_uniqueness_check(struct samldb_ctx *ac,
                                                 ac->msg->dn);
                if (ret == LDB_ERR_COMPARE_TRUE) {
                        DBG_INFO("SPN %s re-added to the same object\n", spn);
-                       talloc_free(tmp_ctx);
-                       return LDB_SUCCESS;
+                       continue;
                }
                if (ret != LDB_SUCCESS) {
                        DBG_ERR("SPN %s failed direct uniqueness check\n", spn);