CVE-2023-0614 s4-dsdb: Treat confidential attributes as unindexed
commit 1cfaa078ffcbd915f8494cd98b375dd2598010ec
author Joseph Sutton <josephsutton@catalyst.net.nz>
Thu, 23 Feb 2023 21:03:25 +0000 (24 10:03 +1300)
committer Jule Anger <janger@samba.org>
Mon, 20 Mar 2023 09:03:38 +0000 (20 10:03 +0100)
tree 615db75d3ad4dae36b0a6ff4e801ec57eb9b666e
parent a74571b49f5476cde430f11cd7bc256f17925fe8
CVE-2023-0614 s4-dsdb: Treat confidential attributes as unindexed

In the unlikely case that someone adds a confidential indexed attribute
to the schema, LDAP search expressions on that attribute could disclose
information via timing differences. Let's not use the index for searches
on confidential attributes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

source4/dsdb/samdb/ldb_modules/extended_dn_in.c
source4/dsdb/schema/schema_description.c
source4/dsdb/schema/schema_init.c
source4/dsdb/schema/schema_set.c