CVE-2019-3824 ldb: wildcard_match check tree operation

Check the operation type of the passed parse tree, and return LDB_INAPPROPRIATE_MATCH if the operation is not LDB_OP_SUBSTRING. A query of "attribute=*" gets parsed as LDB_OP_PRESENT, checking the operation and failing ldb_wildcard_match should help prevent confusion writing tests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 34383981a0c40860f71a4451ff8fd752e1b67666)
author: Gary Lockyer <gary@catalyst.net.nz> 2019-02-19 10:26:25 +1300
committer: Stefan Metzmacher <metze@samba.org> 2019-02-26 13:00:12 +0100
commit: 41fd2cde0c7e422381c7ae62296b1767feec9dcb (patch)
tree: db0076993ce3704e3210460d03edcd4ac2c714ba /lib
parent: 9a0ace323908104b01840c4ff3e01376d20cb5c3 (diff)
download: samba-41fd2cde0c7e422381c7ae62296b1767feec9dcb.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/ldb/common/ldb_match.c b/lib/ldb/common/ldb_match.c
index ab0a89888f0..59f48b52b70 100644
--- a/lib/ldb/common/ldb_match.c
+++ b/lib/ldb/common/ldb_match.c
@@ -244,6 +244,11 @@ static int ldb_wildcard_compare(struct ldb_context *ldb,
 	uint8_t *save_p = NULL;
 	unsigned int c = 0;
 
+	if (tree->operation != LDB_OP_SUBSTRING) {
+		*matched = false;
+		return LDB_ERR_INAPPROPRIATE_MATCHING;
+	}
+
 	a = ldb_schema_attribute_by_name(ldb, tree->u.substring.attr);
 	if (!a) {
 		return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
author	Gary Lockyer <gary@catalyst.net.nz>	2019-02-19 10:26:25 +1300
committer	Stefan Metzmacher <metze@samba.org>	2019-02-26 13:00:12 +0100
commit	41fd2cde0c7e422381c7ae62296b1767feec9dcb (patch)
tree	db0076993ce3704e3210460d03edcd4ac2c714ba /lib
parent	9a0ace323908104b01840c4ff3e01376d20cb5c3 (diff)
download	samba-41fd2cde0c7e422381c7ae62296b1767feec9dcb.tar.gz