The Samba-Bugzilla – Attachment 14113 Details for
Bug 13374
[SECURITY] CVE-2018-1140 ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for master (no test)
0002-PATCH-Add-NULL-check-for-ldb_dn_get_casefold-in-ltdb.patch (text/plain), 1.46 KB, created by
Garming Sam
on 2018-04-08 22:12:31 UTC
(
hide
)
Description:
Patch for master (no test)
Filename:
MIME Type:
Creator:
Garming Sam
Created:
2018-04-08 22:12:31 UTC
Size:
1.46 KB
patch
obsolete
>From 804491723506377b42419c645d7f9d8314ce6dfe Mon Sep 17 00:00:00 2001 >From: Andrej Gessel <Andrej.Gessel@janztec.com> >Date: Fri, 6 Apr 2018 18:18:33 +0200 >Subject: [PATCH 2/2] [PATCH] Add NULL check for ldb_dn_get_casefold() in > ltdb_index_dn_attr() > >Signed-off-by: Andrej Gessel <Andrej.Gessel@janztec.com> >--- > lib/ldb/ldb_tdb/ldb_index.c | 9 +++++++++ > selftest/knownfail.d/ldb.base | 1 - > 2 files changed, 9 insertions(+), 1 deletion(-) > delete mode 100644 selftest/knownfail.d/ldb.base > >diff --git a/lib/ldb/ldb_tdb/ldb_index.c b/lib/ldb/ldb_tdb/ldb_index.c >index 59434f3..9697b8c 100644 >--- a/lib/ldb/ldb_tdb/ldb_index.c >+++ b/lib/ldb/ldb_tdb/ldb_index.c >@@ -1582,6 +1582,15 @@ static int ltdb_index_dn_attr(struct ldb_module *module, > > /* work out the index key from the parent DN */ > val.data = (uint8_t *)((uintptr_t)ldb_dn_get_casefold(dn)); >+ if (val.data == NULL) { >+ const char *dn_str = ldb_dn_get_linearized(dn); >+ ldb_asprintf_errstring(ldb_module_get_ctx(module), >+ __location__ >+ ": Failed to get casefold DN" >+ "from: %s", >+ dn_str); >+ return LDB_ERR_OPERATIONS_ERROR; >+ } > val.length = strlen((char *)val.data); > key = ltdb_index_key(ldb, ltdb, attr, &val, NULL, truncation); > if (!key) { >diff --git a/selftest/knownfail.d/ldb.base b/selftest/knownfail.d/ldb.base >deleted file mode 100644 >index 6018160..0000000 >--- a/selftest/knownfail.d/ldb.base >+++ /dev/null >@@ -1 +0,0 @@ >-^ldb.base >\ No newline at end of file >-- >2.7.4 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=14113">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 13374
: 14113 |
14206
|
14207
|
14208
|
14267
|
14270
|
14271
|
14272
|
14273
|
14274
|
14275
|
14276
|
14278
|
14279
|
14282
|
14283
|
14289
|
14290
|
14295
|
14296
|
14297
|
14316
|
14317
|
14418
|
14419