
XWwalker/libldb

forked from src-openEuler/libldb 
backport-003-CVE-2022-32746.patch 3.49 KB
eaglegai 提交于 2022-08-01 08:03 . fix CVE-2022-32746
From 7efe8182c165fbf17d2f88c173527a7a554e214b Mon Sep 17 00:00:00 2001
From: Joseph Sutton <[email protected]>
Date: Mon, 21 Feb 2022 16:10:32 +1300
Subject: [PATCH] CVE-2022-32746 ldb: Add flag to mark message element values
as shared
When making a shallow copy of an ldb message, mark the message elements
of the copy as sharing their values with the message elements in the
original message.
This flag value will be heeded in the next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009
Signed-off-by: Joseph Sutton <[email protected]>
---
common/ldb_msg.c | 43 +++++++++++++++++++++++++++++++-----
include/ldb_module.h | 6 +++++
2 files changed, 43 insertions(+), 6 deletions(-)
diff --git a/common/ldb_msg.c b/common/ldb_msg.c
index 57dfc5a04c2b..2a9ce384bb98 100644
--- a/common/ldb_msg.c
+++ b/common/ldb_msg.c
@@ -833,11 +833,7 @@ void ldb_msg_sort_elements(struct ldb_message *msg)
ldb_msg_element_compare_name);
}
-/*
- shallow copy a message - copying only the elements array so that the caller
- can safely add new elements without changing the message
-*/
-struct ldb_message *ldb_msg_copy_shallow(TALLOC_CTX *mem_ctx,
+static struct ldb_message *ldb_msg_copy_shallow_impl(TALLOC_CTX *mem_ctx,
const struct ldb_message *msg)
{
struct ldb_message *msg2;
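Review bot: The renamed static helper `ldb_msg_copy_shallow_impl` is left with no comment, because the old header comment moves to the new public wrapper. Its contract is now different from the public function's: it returns a copy whose elements point at the original's values without marking them. I would add a short comment above it such as `/* shallow copy that does NOT set LDB_FLAG_INTERNAL_SHARED_VALUES; callers must either set the flag or deep-copy the values */`, so that a later internal caller does not use it and hand out an unmarked shallow copy. The helper's body continues outside this hunk.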
@@ -863,6 +859,35 @@ struct ldb_message *ldb_msg_copy_shallow(TALLOC_CTX *mem_ctx,
return NULL;
}
+/*
+ shallow copy a message - copying only the elements array so that the caller
+ can safely add new elements without changing the message
+*/
+struct ldb_message *ldb_msg_copy_shallow(TALLOC_CTX *mem_ctx,
+ const struct ldb_message *msg)
+{
+ struct ldb_message *msg2;
+ unsigned int i;
+
+ msg2 = ldb_msg_copy_shallow_impl(mem_ctx, msg);
+ if (msg2 == NULL) {
+ return NULL;
+ }
+
+ for (i = 0; i < msg2->num_elements; ++i) {
+ /*
+ * Mark this message's elements as sharing their values with the
+ * original message, so that we don't inadvertently modify or
+ * free them. We don't mark the original message element as
+ * shared, so the original message element should not be
+ * modified or freed while the shallow copy lives.
+ */
+ struct ldb_message_element *el = &msg2->elements[i];
+ el->flags |= LDB_FLAG_INTERNAL_SHARED_VALUES;
+ }
+
+ return msg2;
+}
/*
copy a message, allocating new memory for all parts
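Review bot: The flag covers only the copy's side of the sharing. The loop marks `msg2->elements[i]` and leaves the original's elements unmarked, so code that frees or reallocates the original's values while the copy is alive still leaves the copy holding dangling `values` pointers. The inline comment admits this, but it sits inside the loop body; the function's header comment is where callers look, and it still only says the caller "can safely add new elements". I would extend that header with the lifetime rule, for example `the copy's elements share their values with msg and are flagged LDB_FLAG_INTERNAL_SHARED_VALUES; msg must outlive the copy and its values must not be modified or freed in the meantime`. Per the commit message nothing reads the flag until the next commit, so a backport of this patch alone changes no behaviour and needs its follow-up to close the issue.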
@@ -873,7 +898,7 @@ struct ldb_message *ldb_msg_copy(TALLOC_CTX *mem_ctx,
struct ldb_message *msg2;
unsigned int i, j;
- msg2 = ldb_msg_copy_shallow(mem_ctx, msg);
+ msg2 = ldb_msg_copy_shallow_impl(mem_ctx, msg);
if (msg2 == NULL) return NULL;
if (msg2->dn != NULL) {
@@ -894,6 +919,12 @@ struct ldb_message *ldb_msg_copy(TALLOC_CTX *mem_ctx,
goto failed;
}
}
+
+ /*
+ * Since we copied this element's values, we can mark them as
+ * not shared.
+ */
+ el->flags &= ~LDB_FLAG_INTERNAL_SHARED_VALUES;
}
return msg2;
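Review bot: The new comment before `el->flags &= ~LDB_FLAG_INTERNAL_SHARED_VALUES;` does not say how the flag could be set at this point, given that `ldb_msg_copy` now calls `ldb_msg_copy_shallow_impl`, which sets nothing. Presumably the flag arrives when `msg` is itself a shallow copy and the element flags are copied with the elements array; that copy happens outside the visible hunks, so it should be confirmed. If that is the case, saying so makes the line's purpose clear, e.g. `/* msg may itself be a shallow copy, in which case the flag was inherited; the values were duplicated above, so clear it */`. The loop and the declaration of `el` start outside this hunk.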
diff --git a/include/ldb_module.h b/include/ldb_module.h
index 8c1e5ee7936c..4c7c85a17f00 100644
--- a/include/ldb_module.h
+++ b/include/ldb_module.h
@@ -96,6 +96,12 @@ struct ldb_module;
*/
#define LDB_FLAG_INTERNAL_FORCE_UNIQUE_INDEX 0x100
+/*
+ * indicates that this element's values are shared with another element (for
+ * example, in a shallow copy of an ldb_message) and should not be freed
+ */
+#define LDB_FLAG_INTERNAL_SHARED_VALUES 0x200
+
/* an extended match rule that always fails to match */
#define SAMBA_LDAP_MATCH_ALWAYS_FALSE "1.3.6.1.4.1.7165.4.5.1"
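Review bot: The header comment for `LDB_FLAG_INTERNAL_SHARED_VALUES` says the values "should not be freed", while the comment added in `ldb_msg_copy_shallow` says they must not be modified or freed. In-place modification of a shared value changes the original message as well, so the definition should state the stricter rule, since module authors will read it here: `indicates that this element's values are shared with another element (for example, in a shallow copy of an ldb_message) and must not be modified in place or freed through this element`.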