39 lines
1.3 KiB
Diff
39 lines
1.3 KiB
Diff
From 34383981a0c40860f71a4451ff8fd752e1b67666 Mon Sep 17 00:00:00 2001
|
|
From: Gary Lockyer <gary@catalyst.net.nz>
|
|
Date: Tue, 19 Feb 2019 10:26:25 +1300
|
|
Subject: [PATCH] CVE-2019-3824 ldb: wildcard_match check tree operation
|
|
|
|
Check the operation type of the passed parse tree, and return
|
|
LDB_INAPPROPRIATE_MATCH if the operation is not LDB_OP_SUBSTRING.
|
|
|
|
A query of "attribute=*" gets parsed as LDB_OP_PRESENT, checking the
|
|
operation and failing ldb_wildcard_match should help prevent confusion
|
|
writing tests.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773
|
|
|
|
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
---
|
|
lib/ldb/common/ldb_match.c | 5 +++++
|
|
1 file changed, 5 insertions(+)
|
|
|
|
diff --git a/lib/ldb/common/ldb_match.c b/lib/ldb/common/ldb_match.c
|
|
index ab0a89888f0..59f48b52b70 100644
|
|
--- a/lib/ldb/common/ldb_match.c
|
|
+++ b/lib/ldb/common/ldb_match.c
|
|
@@ -244,6 +244,11 @@ static int ldb_wildcard_compare(struct ldb_context *ldb,
|
|
uint8_t *save_p = NULL;
|
|
unsigned int c = 0;
|
|
|
|
+ if (tree->operation != LDB_OP_SUBSTRING) {
|
|
+ *matched = false;
|
|
+ return LDB_ERR_INAPPROPRIATE_MATCHING;
|
|
+ }
|
|
+
|
|
a = ldb_schema_attribute_by_name(ldb, tree->u.substring.attr);
|
|
if (!a) {
|
|
return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
|
|
--
|
|
2.24.0
|