authorGary Lockyer <gary@catalyst.net.nz>2018-08-03 15:51:28 +1200
committerKarolin Seeger <kseeger@samba.org>2018-08-11 08:16:02 +0200
commit7016bfd31abc16b6d190ec9b6c9be4b0fb1d3a69 (patch)
treee1be11f12640ad11fc0087f1793b75224ffac479
parenta90cb03e19e06eeb32536d02c111bdb0bc3d927d (diff)
downloadsamba-7016bfd31abc16b6d190ec9b6c9be4b0fb1d3a69.tar.gz
CVE-2018-10919 tests: test ldap searches for non-existent attributes.
It is perfectly legal to search LDAP for an attribute that is not part of the schema. That part of the query should simply not match. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
-rwxr-xr-xsource4/dsdb/tests/python/ldap.py9
1 files changed, 9 insertions, 0 deletions
diff --git a/source4/dsdb/tests/python/ldap.py b/source4/dsdb/tests/python/ldap.py
index 4235541fdbe..2514d0a9d72 100755
--- a/source4/dsdb/tests/python/ldap.py
+++ b/source4/dsdb/tests/python/ldap.py
@@ -599,6 +599,15 @@ class BasicTests(samba.tests.TestCase):
except LdbError, (num, _):
self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
+ #
+ # When searching the unknown attribute should be ignored
+ expr = "(|(cn=ldaptestgroup)(thisdoesnotexist=x))"
+ res = ldb.search(base=self.base_dn,
+ expression=expr,
+ scope=SCOPE_SUBTREE)
+ self.assertTrue(len(res) == 1,
+ "Search including unknown attribute failed")
+
delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
# attributes not in objectclasses and mandatory attributes missing test
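Review bot: The added OR search with `expr = "(|(cn=ldaptestgroup)(thisdoesnotexist=x))"` cannot distinguish "the unknown clause does not match" from "the unknown clause was dropped from the filter", because both return the single group entry. The commit message says that part of the query should simply not match, so an AND case would pin it down: `res = ldb.search(base=self.base_dn, expression="(&(cn=ldaptestgroup)(thisdoesnotexist=x))", scope=SCOPE_SUBTREE)` followed by `self.assertEquals(len(res), 0)`. Writing the existing check as `self.assertEquals(len(res), 1, "Search including unknown attribute failed")` would also report the actual count on failure, which `assertTrue(len(res) == 1, ...)` hides. The search uses a bare `ldb` while the following `delete_force` call passes `self.ldb`; presumably both refer to the same connection, but that binding and the start of the enclosing test method lie outside the hunk.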