author | Gary Lockyer <gary@catalyst.net.nz> | 2018-08-03 15:51:28 +1200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2018-08-13 09:13:36 +0200 |
commit | 873ccd079f2d21bba22624a79c6bf14bc38e80ad (patch) | |
tree | 22fa2701c94dfcaf99d19e6f9d641e8d20147da8 /source4 | |
parent | 924f87cb74a383f2dc1acfc33c1021d8399b5e40 (diff) | |
download | samba-873ccd079f2d21bba22624a79c6bf14bc38e80ad.tar.gz |
CVE-2018-10919 tests: test ldap searches for non-existent attributes.
It is perfectly legal to search LDAP for an attribute that is not part
of the schema. That part of the query should simply not match.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4')
-rwxr-xr-x | source4/dsdb/tests/python/ldap.py | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/source4/dsdb/tests/python/ldap.py b/source4/dsdb/tests/python/ldap.py
index 63eb9a5d62c..c100e9b6921 100755
--- a/source4/dsdb/tests/python/ldap.py
+++ b/source4/dsdb/tests/python/ldap.py
@@ -599,6 +599,15 @@ class BasicTests(samba.tests.TestCase):
 except LdbError, (num, _):
 self.assertEquals(num, ERR_NO_SUCH_ATTRIBUTE)
+ #
+ # When searching the unknown attribute should be ignored
+ expr = "(|(cn=ldaptestgroup)(thisdoesnotexist=x))"
+ res = ldb.search(base=self.base_dn,
+ expression=expr,
+ scope=SCOPE_SUBTREE)
+ self.assertTrue(len(res) == 1,
+ "Search including unknown attribute failed")
+ delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
 # attributes not in objectclasses and mandatory attributes missing test |
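Review bot: The added `self.assertTrue(len(res) == 1, ...)` reports only True/False on failure and accepts any single entry, so a regression that returns the wrong object or an unexpected count is harder to diagnose. Prefer `self.assertEquals(len(res), 1, "Search including unknown attribute failed")`, matching the `assertEquals` style of the context line above it, and also assert that the returned entry is the ldaptestgroup object (compared as a DN rather than as a raw string). Because the filter is an OR whose first clause matches on its own, a second search on `(thisdoesnotexist=x)` alone, expecting zero entries and no LdbError, would pin the "should simply not match" behaviour from the commit message directly. The new search calls `ldb.search` while the line after it passes `self.ldb`; presumably both name the same connection, but that cannot be confirmed here because the test method starts and ends outside the hunk.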