Bug 42262
| Summary: | Improve LDAP search filter for libunivention-license | ||
|---|---|---|---|
| Product: | UCS | Reporter: | Michel Smidt <michelsmidt> |
| Component: | License | Assignee: | Felix Botner <botner> |
| Status: | CLOSED DUPLICATE | QA Contact: | Florian Best <best> |
| Severity: | normal | ||
| Priority: | P5 | CC: | best, gohmann, sieverdingbeck |
| Version: | UCS 3.2 | Flags: | michelsmidt:
Patch_Available+
|
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Linux | ||
| What kind of report is it?: | Bug Report | What type of bug is this?: | 2: Improvement: Would be a product improvement |
| Who will be affected by this bug?: | 1: Will affect a very few installed domains | How will those affected feel about the bug?: | 4: A User would return the product |
| User Pain: | 0.046 | Enterprise Customer affected?: | Yes |
| School Customer affected?: | ISV affected?: | ||
| Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
| Ticket number: | Bug group (optional): | ||
| Max CVSS v3 score: | |||
| Attachments: |
Log
Patch |
||
Created attachment 7980 [details]
Patch
Note: The LDAP filter is not escaped and allow arbitrary search filter injections, e.g.:
univention.license.select(')(objectClass=*')
This has been fixed during Bug #35157 in UCS 4.1-4. @Michel, or do you need to have this for UCS 3.3? *** This bug has been marked as a duplicate of bug 35157 *** @Michel, reopen if you need this for UCS 3.3 <http://errata.software-univention.de/ucs/4.1/352.html> |
Created attachment 7979 [details] Log The ldapsearch from the current licence check from libunivention-license seems to be too extensive. For a project where we implemented restrictive ACL's the licence check runs into limits. Attached a anonymised log & a patch.