The Samba-Bugzilla – Attachment 14386 Details for
Bug 13434
[SECURITY] CVE-2018-10919 - Confidential attribute disclosure via substring search
[patch]
diff between the previous and current patch set
interdiff.patch (text/plain), 1.63 KB, created by
Andrew Bartlett
on 2018-08-05 22:23:48 UTC
>diff --git a/source4/dsdb/samdb/ldb_modules/acl_read.c b/source4/dsdb/samdb/ldb_modules/acl_read.c >index d4ebe9b8f13..280845a47a5 100644 >--- a/source4/dsdb/samdb/ldb_modules/acl_read.c >+++ b/source4/dsdb/samdb/ldb_modules/acl_read.c >@@ -294,10 +294,12 @@ static int check_attr_access_rights(TALLOC_CTX *mem_ctx, const char *attr_name, > > attr = dsdb_attribute_by_lDAPDisplayName(ac->schema, attr_name); > if (!attr) { >- ldb_debug_set(ldb, LDB_DEBUG_FATAL, >- "acl_read: %s cannot find attr[%s] in schema\n", >+ ldb_debug_set(ldb, >+ LDB_DEBUG_TRACE, >+ "acl_read: %s cannot find attr[%s] in schema," >+ "ignoring\n", > ldb_dn_get_linearized(dn), attr_name); >- return LDB_ERR_OPERATIONS_ERROR; >+ return LDB_SUCCESS; > } > > /* >diff --git a/source4/dsdb/tests/python/ldap.py b/source4/dsdb/tests/python/ldap.py >index 815a2c00e64..ea6f30fa5e3 100755 >--- a/source4/dsdb/tests/python/ldap.py >+++ b/source4/dsdb/tests/python/ldap.py >@@ -627,6 +627,15 @@ class BasicTests(samba.tests.TestCase): > (num, _) = e27.args > self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE) > >+ # >+ # When searching the unknown attribute should be ignored >+ expr = "(|(cn=ldaptestgroup)(thisdoesnotexist=x))" >+ res = ldb.search(base=self.base_dn, >+ expression=expr, >+ scope=SCOPE_SUBTREE) >+ self.assertTrue(len(res) == 1, >+ "Search including unknown attribute failed") >+ > delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn) > > # attributes not in objectclasses and mandatory attributes missing test
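Review bot: In the acl_read.c hunk, the two adjacent string literals "... in schema," and "ignoring\n" concatenate without a space, so the trace message reads "in schema,ignoring"; add a leading space to the second literal. Since check_attr_access_rights() now returns LDB_SUCCESS instead of LDB_ERR_OPERATIONS_ERROR when dsdb_attribute_by_lDAPDisplayName() finds nothing, a short comment above the return explaining why an attribute missing from the schema needs no access check would help the next reader of this security-sensitive path. Dropping the level from LDB_DEBUG_FATAL to LDB_DEBUG_TRACE also means these lookups will not show up at normal log levels, which is worth confirming as intended.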
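Review bot: In the ldap.py hunk, the new test only exercises the unknown attribute as one branch of an OR filter, "(|(cn=ldaptestgroup)(thisdoesnotexist=x))", so it passes whenever the cn branch matches and does not pin down what "ignored" means when the unknown attribute is the only term or sits under an AND. Consider adding a search on "(thisdoesnotexist=x)" alone with its expected result count. The assertion would also report more on failure as self.assertEqual(len(res), 1) than as assertTrue(len(res) == 1, ...), and the lone "#" line opening the comment can be dropped.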