dns_server: Avoid ldb_dn_add_child_fmt() on untrusted input
author Andrew Bartlett <abartlet@samba.org>
Tue, 14 Aug 2018 22:44:03 +0000 (10:44 +1200)
committer Andrew Bartlett <abartlet@samba.org>
Wed, 15 Aug 2018 05:08:24 +0000 (07:08 +0200)
commit 28e2a518ff3233f49f1b61210754d044c670087b
tree 249111173467c392bc59ad5f028890c92a86658f
parent aa01203ff51ec49dfdfeed6ab02bbe0cb3198d70

By using the new ldb_dn_add_child_val() we ensure that the user-controlled values are
not parsed as DN separators.

Additionally, the casefold DN is obtained before the search to trigger
a full parse of the DN before being handled to the LDB search.

This is not normally required but is done here due to the nature
of the untrusted input.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13466

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
source4/dns_server/dlz_bind9.c
source4/dns_server/dnsserver_common.c
source4/rpc_server/dnsserver/dnsdb.c
source4/rpc_server/dnsserver/dnsutils.c
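
The difference the commit message describes, as an added stand-alone example that is not Samba's code and does not call ldb: a name formatted into a DN string is re-parsed and can add components, while the same name attached as one escaped value (RFC 4514 escaping) cannot. The zone DN, the record name and the helpers `count_rdns`, `escape_value` and `child_rdns` are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed zone DN for the demo; not a value taken from the commit. */
static const char *ZONE_DN = "DC=zone.example,CN=zones,DC=example,DC=com";

/* Count RDNs: a comma separates components unless a backslash escapes it. */
static int count_rdns(const char *dn) {
    int n = (*dn != '\0');
    for (const char *p = dn; *p; p++) {
        if (*p == '\\' && p[1] != '\0') p++;    /* skip the escaped character */
        else if (*p == ',') n++;
    }
    return n;
}

/* Escape one attribute value per RFC 4514. Returns 0, or -1 if out is too small. */
static int escape_value(const char *in, char *out, size_t outlen) {
    size_t o = 0, len = strlen(in);
    for (size_t i = 0; i < len; i++) {
        char c = in[i];
        int esc = strchr(",+\"\\<>;", c) != NULL
               || (i == 0 && (c == ' ' || c == '#'))
               || (i == len - 1 && c == ' ');
        if (o + 3 > outlen) return -1;          /* room for '\\', c and NUL */
        if (esc) out[o++] = '\\';
        out[o++] = c;
    }
    if (o >= outlen) return -1;
    out[o] = '\0';
    return 0;
}

/* RDN count of the child DN; escape=0 pastes the raw name, escape=1 adds it as one value. */
static int child_rdns(const char *name, int escape) {
    char esc[256], dn[512];
    if (escape) {
        if (escape_value(name, esc, sizeof(esc)) != 0) return -1;
        name = esc;
    }
    int r = snprintf(dn, sizeof(dn), "DC=%s,%s", name, ZONE_DN);
    return (r < 0 || (size_t)r >= sizeof(dn)) ? -1 : count_rdns(dn);
}

int main(void) {
    const char *name = "www,DC=other";          /* constructed record name */
    printf("raw: %d RDNs, escaped: %d RDNs\n", child_rdns(name, 0), child_rdns(name, 1));
    return 0;
}
```

A child of the four-component zone DN should always have five components; the raw path yields six for this name, which is the mismatch a caller can check for.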