CVE-2019-3824 ldb: wildcard_match check tree operation

Check the operation type of the passed parse tree, and return LDB_INAPPROPRIATE_MATCH if the operation is not LDB_OP_SUBSTRING. A query of "attribute=*" gets parsed as LDB_OP_PRESENT, checking the operation and failing ldb_wildcard_match should help prevent confusion writing tests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
author: Gary Lockyer <gary@catalyst.net.nz> 2019-02-19 10:26:25 +1300
committer: Stefan Metzmacher <metze@samba.org> 2019-02-26 12:15:12 +0100
commit: c62bd66b84defc73465e5f16f230f1855fb3bde3 (patch)
tree: 2cf15ad603237a6a297e99544e433c75a3ad0747
parent: e71cdbe57b5c86e597f1c007c07c66df652038c5 (diff)
download: samba-c62bd66b84defc73465e5f16f230f1855fb3bde3.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/ldb/common/ldb_match.c b/lib/ldb/common/ldb_match.c
index fc1d6001a19..5326b009077 100644
--- a/lib/ldb/common/ldb_match.c
+++ b/lib/ldb/common/ldb_match.c
@@ -244,6 +244,11 @@ static int ldb_wildcard_compare(struct ldb_context *ldb,
 	uint8_t *save_p = NULL;
 	unsigned int c = 0;
 
+	if (tree->operation != LDB_OP_SUBSTRING) {
+		*matched = false;
+		return LDB_ERR_INAPPROPRIATE_MATCHING;
+	}
+
 	a = ldb_schema_attribute_by_name(ldb, tree->u.substring.attr);
 	if (!a) {
 		return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
author	Gary Lockyer <gary@catalyst.net.nz>	2019-02-19 10:26:25 +1300
committer	Stefan Metzmacher <metze@samba.org>	2019-02-26 12:15:12 +0100
commit	c62bd66b84defc73465e5f16f230f1855fb3bde3 (patch)
tree	2cf15ad603237a6a297e99544e433c75a3ad0747
parent	e71cdbe57b5c86e597f1c007c07c66df652038c5 (diff)
download	samba-c62bd66b84defc73465e5f16f230f1855fb3bde3.tar.gz