| commit | a36db4fceb3235047f190f6d23841394b17aafec | |
| author | Andrew Bartlett <abartlet@samba.org> | |
| Mon, 21 May 2018 03:20:26 +0000 (21 15:20 +1200) | ||
| committer | Karolin Seeger <kseeger@samba.org> | |
| Sat, 11 Aug 2018 06:16:04 +0000 (11 08:16 +0200) | ||
| tree | 5f1db954bc67128427b535d64c896c3a76c273eb | treesnapshot (tar.gz zip) |
| parent | 7331723918018a40904ab7339b051e7ebb136a6e | commitdiff |
CVE-2018-1140 ldb_tdb: Ensure the dn in distinguishedName= is valid before use
ldb_dn_from_ldb_val() does not validate this untrusted input, so a later
call to ldb_dn_get_casefold() can fail if the input is not valid.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13374
ldb_dn_from_ldb_val() does not validate this untrusted input, so a later
call to ldb_dn_get_casefold() can fail if the input is not valid.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13374
| lib/ldb/ldb_tdb/ldb_index.c | diffblobblamehistory |