Bug 12994 - Missing LDAP query escapes in DNS rpc server
Summary: Missing LDAP query escapes in DNS rpc server
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: DNS server (internal) (show other bugs)
Version: 4.7.0rc4
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Kai Blin
QA Contact: Samba QA Contact
Depends on:
Blocks: 12952
  Show dependency treegraph
Reported: 2017-08-29 02:19 UTC by Andrew Bartlett
Modified: 2017-11-01 20:49 UTC (History)
1 user (show)

See Also:

proposed patch for master (4.81 KB, patch)
2017-09-13 08:48 UTC, Andrew Bartlett
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Bartlett 2017-08-29 02:19:09 UTC
Some queries in the source4 dns management server did not correctly escape the user-controlled aspect of the LDAP filter.
Comment 1 Andrew Bartlett 2017-09-13 08:46:50 UTC
To be clear, this is not a security issue, as the access is as the authenticated
user who could just bind to LDAP directly.
Comment 2 Andrew Bartlett 2017-09-13 08:48:01 UTC
Created attachment 13590 [details]
proposed patch for master

I just need to stop the samba-tool dns tests from assuming this behaviour before I push this reviewed patch.
Comment 3 Garming Sam 2017-11-01 20:49:57 UTC
Fixed in 9e9a8d8f887a3b13d06a7cc71edad78c140bb0be and also backported to 4.7 in https://bugzilla.samba.org/show_bug.cgi?id=12952