aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ldb/ldb_tdb/ldb_search.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2018-05-21 15:23:53 +1200
committerKarolin Seeger <kseeger@samba.org>2018-08-11 08:16:04 +0200
commitebc3a1a137f0182d5c0b2b60d65578864b441e54 (patch)
tree663f446fc3806ad9b9cfd8bcb50156e50049c417 /lib/ldb/ldb_tdb/ldb_search.c
parenta36db4fceb3235047f190f6d23841394b17aafec (diff)
downloadsamba-ebc3a1a137f0182d5c0b2b60d65578864b441e54.tar.gz
samba-ebc3a1a137f0182d5c0b2b60d65578864b441e54.tar.xz
samba-ebc3a1a137f0182d5c0b2b60d65578864b441e54.zip
CVE-2018-1140 ldb_tdb: Check for DN validity in add, rename and search
This ensures we fail with a good error code before an eventual ldb_dn_get_casefold() which would otherwise fail. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13374
Diffstat (limited to 'lib/ldb/ldb_tdb/ldb_search.c')
-rw-r--r--lib/ldb/ldb_tdb/ldb_search.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/lib/ldb/ldb_tdb/ldb_search.c b/lib/ldb/ldb_tdb/ldb_search.c
index 02890862cf7..d14be0febd4 100644
--- a/lib/ldb/ldb_tdb/ldb_search.c
+++ b/lib/ldb/ldb_tdb/ldb_search.c
@@ -295,6 +295,14 @@ int ltdb_search_dn1(struct ldb_module *module, struct ldb_dn *dn, struct ldb_mes
};
TALLOC_CTX *tdb_key_ctx = NULL;
+ bool valid_dn = ldb_dn_validate(dn);
+ if (valid_dn == false) {
+ ldb_asprintf_errstring(ldb_module_get_ctx(module),
+ "Invalid Base DN: %s",
+ ldb_dn_get_linearized(dn));
+ return LDB_ERR_INVALID_DN_SYNTAX;
+ }
+
if (ltdb->cache->GUID_index_attribute == NULL) {
tdb_key_ctx = talloc_new(msg);
if (!tdb_key_ctx) {
@@ -803,6 +811,14 @@ int ltdb_search(struct ltdb_context *ctx)
ldb_dn_get_linearized(req->op.search.base));
}
+ } else if (ldb_dn_validate(req->op.search.base) == false) {
+
+ /* We don't want invalid base DNs here */
+ ldb_asprintf_errstring(ldb,
+ "Invalid Base DN: %s",
+ ldb_dn_get_linearized(req->op.search.base));
+ ret = LDB_ERR_INVALID_DN_SYNTAX;
+
} else {
/* If we are not checking the base DN life is easy */
ret = LDB_SUCCESS;