The Samba-Bugzilla – Attachment 14274 Details for
Bug 13374
[SECURITY] CVE-2018-1140 ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes
[patch]
additional API test patch for master
0001-ldb-extend-API-tests.patch (text/plain), 3.73 KB, created by
Andrew Bartlett
on 2018-07-04 02:23:36 UTC
Description:
additional API test patch for master
Filename:
MIME Type:
Creator:
Andrew Bartlett
Created:
2018-07-04 02:23:36 UTC
Size:
3.73 KB
>From e158ca88f4754e7673eb6d77c165a358b23bb9b1 Mon Sep 17 00:00:00 2001
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Wed, 4 Jul 2018 13:26:16 +1200
>Subject: [PATCH] ldb: extend API tests
>
>These additional API tests just check that an invalid base DN
>is never accepted.
>
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>---
> lib/ldb/tests/python/api.py | 47 ++++++++++++++++++++++++++++++++++++++++++---
> 1 file changed, 44 insertions(+), 3 deletions(-)
>
>diff --git a/lib/ldb/tests/python/api.py b/lib/ldb/tests/python/api.py
>index e4010960697..471d70fc521 100755
>--- a/lib/ldb/tests/python/api.py
>+++ b/lib/ldb/tests/python/api.py
>@@ -1309,6 +1309,41 @@ class SearchTests(LdbBaseTest):
> expression="(distinguishedName=OU=OU1,DC=SAMBA,DCXXXX)")
> self.assertEqual(len(res11), 0)
>
>+ def test_bad_dn_search_base(self):
>+ """Testing with a bad base DN (SCOPE_BASE)"""
>+
>+ try:
>+ res11 = self.l.search(base="OU=OU1,DC=SAMBA,DCXXX",
>+ scope=ldb.SCOPE_BASE)
>+ self.fail("Should have failed with ERR_INVALID_DN_SYNTAX")
>+ except ldb.LdbError as err:
>+ enum = err.args[0]
>+ self.assertEqual(enum, ldb.ERR_INVALID_DN_SYNTAX)
>+
>+
>+ def test_bad_dn_search_one(self):
>+ """Testing with a bad base DN (SCOPE_ONELEVEL)"""
>+
>+ try:
>+ res11 = self.l.search(base="DC=SAMBA,DCXXXX",
>+ scope=ldb.SCOPE_ONELEVEL)
>+ self.fail("Should have failed with ERR_INVALID_DN_SYNTAX")
>+ except ldb.LdbError as err:
>+ enum = err.args[0]
>+ self.assertEqual(enum, ldb.ERR_INVALID_DN_SYNTAX)
>+
>+ def test_bad_dn_search_subtree(self):
>+ """Testing with a bad base DN (SCOPE_SUBTREE)"""
>+
>+ try:
>+ res11 = self.l.search(base="DC=SAMBA,DCXXXX",
>+ scope=ldb.SCOPE_SUBTREE)
>+ self.fail("Should have failed with ERR_INVALID_DN_SYNTAX")
>+ except ldb.LdbError as err:
>+ enum = err.args[0]
>+ self.assertEqual(enum, ldb.ERR_INVALID_DN_SYNTAX)
>+
>+
>
> # Run the search tests against an lmdb backend
> class SearchTestsLmdb(SearchTests):
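Review bot: In the three added tests (`test_bad_dn_search_base`, `test_bad_dn_search_one`, `test_bad_dn_search_subtree`) the `res11 =` binding is never read and the same try/`self.fail`/except shape is repeated three times; `with self.assertRaises(ldb.LdbError) as cm:` around the bare `self.l.search(...)` call, followed by `self.assertEqual(cm.exception.args[0], ldb.ERR_INVALID_DN_SYNTAX)`, states the same expectation without the dead name. The docstrings only restate the scope; one that records the reason, e.g. `"""A malformed base DN must be rejected with ERR_INVALID_DN_SYNTAX (bug 13374, CVE-2018-1140)."""`, would tell the next reader why these cases must not be dropped. The SCOPE_BASE case uses `DCXXX` where the other two use `DCXXXX`; both are malformed, so a single shared constant would show the difference is not meaningful.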
>@@ -1375,8 +1410,10 @@ class IndexedAndOneLevelDNFilterSearchTests(SearchTests):
> def setUp(self):
> super(IndexedAndOneLevelDNFilterSearchTests, self).setUp()
> self.l.add({"dn": "@OPTIONS",
>- "disallowDNFilter": "TRUE"})
>+ "disallowDNFilter": "TRUE",
>+ "checkBaseOnSearch": "TRUE"})
> self.disallowDNFilter = True
>+ self.checkBaseOnSearch = True
>
> self.l.add({"dn": "@INDEXLIST",
> "@IDXATTR": [b"x", b"y", b"ou"],
>@@ -1408,8 +1445,10 @@ class GUIDIndexedDNFilterSearchTests(SearchTests):
> "@IDX_DN_GUID": [b"GUID"]}
> super(GUIDIndexedDNFilterSearchTests, self).setUp()
> self.l.add({"dn": "@OPTIONS",
>- "disallowDNFilter": "TRUE"})
>+ "disallowDNFilter": "TRUE",
>+ "checkBaseOnSearch": "TRUE"})
> self.disallowDNFilter = True
>+ self.checkBaseOnSearch = True
> self.IDX = True
> self.IDXGUID = True
>
>@@ -1423,8 +1462,10 @@ class GUIDAndOneLevelIndexedSearchTests(SearchTests):
> "@IDX_DN_GUID": [b"GUID"]}
> super(GUIDAndOneLevelIndexedSearchTests, self).setUp()
> self.l.add({"dn": "@OPTIONS",
>- "disallowDNFilter": "TRUE"})
>+ "disallowDNFilter": "TRUE",
>+ "checkBaseOnSearch": "TRUE"})
> self.disallowDNFilter = True
>+ self.checkBaseOnSearch = True
> self.IDX = True
> self.IDXGUID = True
> self.IDXONE = True
>--
>2.11.0
>
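Review bot: `self.checkBaseOnSearch = True` is set in `IndexedAndOneLevelDNFilterSearchTests.setUp` and again in the `GUIDIndexedDNFilterSearchTests` and `GUIDAndOneLevelIndexedSearchTests` hunks, but no line in this patch reads it: the new bad-DN tests assert `ERR_INVALID_DN_SYNTAX` unconditionally. If nothing elsewhere in api.py branches on the attribute it is dead state, and the `"checkBaseOnSearch": "TRUE"` option is then only exercised implicitly; a test with a well-formed but absent base DN that expects `ldb.ERR_NO_SUCH_OBJECT` when `self.checkBaseOnSearch` is set would cover it directly. A short comment above each `@OPTIONS` add, such as `# checkBaseOnSearch: a search from a missing base must fail rather than return an empty result`, would record why the option is enabled in these classes. All three `setUp` bodies begin or end outside their hunks, so whether inherited tests that search from a non-existent base still pass with the option on could not be checked from here.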