samba.git/libcli/ldap, branch talloc-2.3.2 Unnamed repository; edit this file 'description' to name the repository. libcli: Use GUID_to_ndr_buf() in ldap_encode_ndr_GUID() 2020-10-02T21:30:33+00:00 Volker Lendecke vl@samba.org 2020-09-29T08:13:20+00:00 77877cfed19ea98bfac3ba43529589f4cdd33714 Avoid a talloc/free Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Avoid a talloc/free

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
libcli/ldap: Fix CID 1462695 Resource leak 2020-08-06T19:00:36+00:00 Volker Lendecke vl@samba.org 2020-08-05T09:25:27+00:00 1b139de552e162ce6a7673b74b7778dfc5a06b51 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
libcli/ldap: Fix CID 1462696 Resource leak 2020-08-06T19:00:36+00:00 Volker Lendecke vl@samba.org 2020-08-05T09:23:30+00:00 de2a7574e8a0ed1fd41f707788f3e04647022dff Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
libcli/ldap: Fix CID 1465278 Resource leak 2020-08-06T19:00:36+00:00 Volker Lendecke vl@samba.org 2020-08-05T09:18:35+00:00 41beb510bee3c7f1ebaba49ee1ceba07f6de78ba Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
libcli/ldap: Fix decoding struct ldap_ExtendedResponse 2020-07-09T20:16:40+00:00 Volker Lendecke vl@samba.org 2020-06-23T17:09:28+00:00 0bb1488d315e93162eae433f869c1ddabea722c0 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
libcli/ldap: Test decoding an exop response 2020-07-09T20:16:40+00:00 Volker Lendecke vl@samba.org 2020-06-23T17:14:37+00:00 60b0928945c9be3785b5e2855b066f9f97beb2df ldap-starttls-response.dat is a reply to a starttls extended operation. Right now ldap_decode() does not handle this correctly. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
ldap-starttls-response.dat is a reply to a starttls extended
operation. Right now ldap_decode() does not handle this correctly.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
libcli ldap tests: remove use of zero length array 2020-06-23T02:15:35+00:00 Gary Lockyer gary@catalyst.net.nz 2020-06-22T01:42:56+00:00 d701bc1518766f36b1c7a3a00a82485098a8ee3d libcli/ldap/tests/ldap_message_test.c defines a zero length array (uint8_t buf[0]), which is a GCC extension and breaks the build with some strict compilers like xlc. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14387 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Jun 23 02:15:35 UTC 2020 on sn-devel-184 
libcli/ldap/tests/ldap_message_test.c defines a zero length array
(uint8_t buf[0]), which is a GCC extension and breaks the build with
some strict compilers like xlc.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14387

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jun 23 02:15:35 UTC 2020 on sn-devel-184
CVE-2020-10704 libcli ldap: Check search request lengths. 2020-05-04T04:40:10+00:00 Gary Lockyer gary@catalyst.net.nz 2020-04-07T22:46:44+00:00 bac809348a7313a5a5a53866848e7b6b56665f43 Check the search request lengths against the limits passed to ldap_decode. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Gary Lockyer <gary@samba.org> Autobuild-Date(master): Mon May 4 04:40:10 UTC 2020 on sn-devel-184 
Check the search request lengths against the limits passed to
ldap_decode.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Mon May  4 04:40:10 UTC 2020 on sn-devel-184
CVE-2020-10704: libcli ldap_message: Add search size limits to ldap_decode 2020-05-04T02:59:32+00:00 Gary Lockyer gary@catalyst.net.nz 2020-04-07T20:49:23+00:00 3149ea0a8aada3b03d1ca0af2e3a0f6304cda43b Add search request size limits to ldap_decode calls. The ldap server uses the smb.conf variable "ldap max search request size" which defaults to 250Kb. For cldap the limit is hard coded as 4096. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Add search request size limits to ldap_decode calls.

The ldap server uses the smb.conf variable
"ldap max search request size" which defaults to 250Kb.
For cldap the limit is hard coded as 4096.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
CVE-2020-10704: libcli ldap: test recursion depth in ldap_decode_filter_tree 2020-05-04T02:59:32+00:00 Gary Lockyer gary@catalyst.net.nz 2020-04-02T02:25:53+00:00 b0832d20163146e59586de5556a3ef75187f600f Add tests to check that ASN.1 ldap requests with deeply nested elements are rejected. Previously there was no check on the on the depth of nesting and excessive nesting could cause a stack overflow. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Add tests to check that ASN.1 ldap requests with deeply nested elements
are rejected.  Previously there was no check on the on the depth of
nesting and excessive nesting could cause a stack overflow.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>