12994 – Missing LDAP query escapes in DNS rpc server

Bug 12994 - Missing LDAP query escapes in DNS rpc server

Summary: Missing LDAP query escapes in DNS rpc server

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	DNS server (internal) (show other bugs)
Version:	4.7.0rc4
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Kai Blin
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:	12952
	Show dependency tree / graph

Reported:	2017-08-29 02:19 UTC by Andrew Bartlett
Modified:	2017-11-01 20:49 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
proposed patch for master (4.81 KB, patch) 2017-09-13 08:48 UTC, Andrew Bartlett	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andrew Bartlett 2017-08-29 02:19:09 UTC

Some queries in the source4 dns management server did not correctly escape the user-controlled aspect of the LDAP filter.

Comment 1 Andrew Bartlett 2017-09-13 08:46:50 UTC

To be clear, this is not a security issue, as the access is as the authenticated
user who could just bind to LDAP directly.

Comment 2 Andrew Bartlett 2017-09-13 08:48:01 UTC

Created attachment 13590 [details]
proposed patch for master

I just need to stop the samba-tool dns tests from assuming this behaviour before I push this reviewed patch.

Comment 3 Garming Sam 2017-11-01 20:49:57 UTC

Fixed in 9e9a8d8f887a3b13d06a7cc71edad78c140bb0be and also backported to 4.7 in https://bugzilla.samba.org/show_bug.cgi?id=12952