| author | Lukas Slebodnik <lslebodn@redhat.com> | 2016-04-11 14:46:47 +0200 |
|---|---|---|
| committer | Lukas Slebodnik <lslebodn@redhat.com> | 2016-04-12 23:25:07 +0200 |
| commit | 22eead9590e11c7adab33ec5ab8b46d3c3cb4406 (patch) | |
| tree | 872e7946bcfd93f11b28c2e659a7e12c22c793e8 /src/providers/ipa/ipa_subdomains_ext_groups.c | |
| parent | bdd533146cb2da71b7c39ad0efa2e5baca7257eb (diff) | |
IPA: Check RDN in ipa_add_ad_memberships_get_next
LDB functions ldb_dn_get_component_val and ldb_dn_get_rdn_val
validate dn before returning component value.
It should be a valid DN according to RFC4514.
IPA/389ds might return a problematic DN due to replication conflicts.
e.g. "cn=System: Read Service Delegations+nsuniqueid=b0736336-d06e11e5-8e8acabe-ce8d458d,cn=permissions,dc=example,dc=com"
It's better to check the return value of these LDB functions rather than
crash because of dereference of a NULL pointer.
Resolves:
https://fedorahosted.org/sssd/ticket/2980
Reviewed-by: Sumit Bose <sbose@redhat.com>
Diffstat (limited to 'src/providers/ipa/ipa_subdomains_ext_groups.c')
-rw-r--r-- | src/providers/ipa/ipa_subdomains_ext_groups.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/providers/ipa/ipa_subdomains_ext_groups.c b/src/providers/ipa/ipa_subdomains_ext_groups.c index 8e006663a..a8ba4dfe8 100644 --- a/src/providers/ipa/ipa_subdomains_ext_groups.c +++ b/src/providers/ipa/ipa_subdomains_ext_groups.c @@ -862,7 +862,13 @@ static void ipa_add_ad_memberships_get_next(struct tevent_req *req) goto fail; } - val = ldb_dn_get_component_val(group_dn, 0); + val = ldb_dn_get_rdn_val(group_dn); + if (val == NULL || val->data == NULL) { + DEBUG(SSSDBG_OP_FAILURE, + "Invalid group DN [%s].\n", state->groups[state->iter]); + ret = EINVAL; + goto fail; + } /* TODO: here is would be useful for have a filter type like BE_FILTER_DN to * directly fetch the group with the corresponding DN. */ |
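Review bot: the new check `if (val == NULL || val->data == NULL)` turns a single malformed group DN into a failure of the whole request (`ret = EINVAL; goto fail;`); since the commit message attributes such DNs to replication conflicts on individual entries, consider whether logging the DN and skipping to the next group would be the better behaviour, so one conflict entry does not block membership resolution for every other group in the list. Note also that, as the commit message itself says, both `ldb_dn_get_component_val` and `ldb_dn_get_rdn_val` validate the DN before returning, so swapping `ldb_dn_get_component_val(group_dn, 0)` for `ldb_dn_get_rdn_val(group_dn)` keeps the same component; the actual fix here is the NULL check, and the commit message could say so explicitly to avoid readers assuming the function change alone was needed.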