From c62bd66b84defc73465e5f16f230f1855fb3bde3 Mon Sep 17 00:00:00 2001 From: Gary Lockyer Date: Tue, 19 Feb 2019 10:26:25 +1300 Subject: CVE-2019-3824 ldb: wildcard_match check tree operation Check the operation type of the passed parse tree, and return LDB_INAPPROPRIATE_MATCH if the operation is not LDB_OP_SUBSTRING. A query of "attribute=*" gets parsed as LDB_OP_PRESENT, checking the operation and failing ldb_wildcard_match should help prevent confusion writing tests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer --- lib/ldb/common/ldb_match.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/ldb/common/ldb_match.c b/lib/ldb/common/ldb_match.c index fc1d6001a19..5326b009077 100644 --- a/lib/ldb/common/ldb_match.c +++ b/lib/ldb/common/ldb_match.c @@ -244,6 +244,11 @@ static int ldb_wildcard_compare(struct ldb_context *ldb, uint8_t *save_p = NULL; unsigned int c = 0; + if (tree->operation != LDB_OP_SUBSTRING) { + *matched = false; + return LDB_ERR_INAPPROPRIATE_MATCHING; + } + a = ldb_schema_attribute_by_name(ldb, tree->u.substring.attr); if (!a) { return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; -- cgit v1.2.1