The Samba-Bugzilla – Bug 12994
Missing LDAP query escapes in DNS rpc server
Last modified: 2017-11-01 20:49:57 UTC
Some queries in the source4 dns management server did not correctly escape the user-controlled aspect of the LDAP filter.
To be clear, this is not a security issue, as the access is as the authenticated
user who could just bind to LDAP directly.
Created attachment 13590 [details]
proposed patch for master
I just need to stop the samba-tool dns tests from assuming this behaviour before I push this reviewed patch.
Fixed in 9e9a8d8f887a3b13d06a7cc71edad78c140bb0be and also backported to 4.7 in https://bugzilla.samba.org/show_bug.cgi?id=12952