CVE-2022-32746 s4/registry: Use LDB_FLAG_MOD_TYPE() for flags equality check

Now unrelated flags will no longer affect the result.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>

diff --git a/source4/lib/registry/ldb.c b/source4/lib/registry/ldb.c
index e089355975bb0bc4abc1983b466fb7ae0c7457ca..db383a560da4c8ae12d2946dd01b6fd6e27d5792 100644 (file)
--- a/source4/lib/registry/ldb.c
+++ b/source4/lib/registry/ldb.c
@@ -859,7 +859,7 @@ static WERROR ldb_set_value(struct hive_key *parent,
 
        /* Try first a "modify" and if this doesn't work do try an "add" */
        for (i = 0; i < msg->num_elements; i++) {
-               if (msg->elements[i].flags != LDB_FLAG_MOD_DELETE) {
+               if (LDB_FLAG_MOD_TYPE(msg->elements[i].flags) != LDB_FLAG_MOD_DELETE) {
                        msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
                }
        }