diff options
author | Gary Lockyer <gary@catalyst.net.nz> | 2019-02-19 10:26:25 +1300 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2019-02-26 13:00:12 +0100 |
commit | 41fd2cde0c7e422381c7ae62296b1767feec9dcb (patch) | |
tree | db0076993ce3704e3210460d03edcd4ac2c714ba /lib | |
parent | 9a0ace323908104b01840c4ff3e01376d20cb5c3 (diff) | |
download | samba-41fd2cde0c7e422381c7ae62296b1767feec9dcb.tar.gz |
CVE-2019-3824 ldb: wildcard_match check tree operation
Check the operation type of the passed parse tree, and return
LDB_INAPPROPRIATE_MATCH if the operation is not LDB_OP_SUBSTRING.
A query of "attribute=*" gets parsed as LDB_OP_PRESENT, checking the
operation and failing ldb_wildcard_match should help prevent confusion
writing tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 34383981a0c40860f71a4451ff8fd752e1b67666)
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ldb/common/ldb_match.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/ldb/common/ldb_match.c b/lib/ldb/common/ldb_match.c index ab0a89888f0..59f48b52b70 100644 --- a/lib/ldb/common/ldb_match.c +++ b/lib/ldb/common/ldb_match.c @@ -244,6 +244,11 @@ static int ldb_wildcard_compare(struct ldb_context *ldb, uint8_t *save_p = NULL; unsigned int c = 0; + if (tree->operation != LDB_OP_SUBSTRING) { + *matched = false; + return LDB_ERR_INAPPROPRIATE_MATCHING; + } + a = ldb_schema_attribute_by_name(ldb, tree->u.substring.attr); if (!a) { return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; |