Univention Bugzilla – Full Text Bug Listing

| Summary: | Improve LDAP search filter for libunivention-license | | |
|---|---|---|---|
| Product: | UCS | Reporter: | Michel Smidt <michelsmidt> |
| Component: | License | Assignee: | Felix Botner <botner> |
| Status: | CLOSED DUPLICATE | QA Contact: | Florian Best <best> |
| Severity: | normal | | |
| Priority: | P5 | CC: | best, gohmann, sieverdingbeck |
| Version: | UCS 3.2 | Flags: | michelsmidt: Patch_Available+ |
| Target Milestone: | --- | | |
| Hardware: | Other | | |
| OS: | Linux | | |
| What kind of report is it?: | Bug Report | What type of bug is this?: | 2: Improvement: Would be a product improvement |
| Who will be affected by this bug?: | 1: Will affect a very few installed domains | How will those affected feel about the bug?: | 4: A User would return the product |
| User Pain: | 0.046 | Enterprise Customer affected?: | Yes |
| School Customer affected?: | | ISV affected?: | |
| Waiting Support: | | Flags outvoted (downgraded) after PO Review: | |
| Ticket number: | | Bug group (optional): | |
| Max CVSS v3 score: | | | |
| Attachments: | Log, Patch | | |
Created attachment 7979 [details]
Log

The ldapsearch from the current licence check from libunivention-license seems to be too extensive. For a project where we implemented restrictive ACLs the licence check runs into limits. Attached an anonymised log & a patch.

Created attachment 7980 [details]
Patch

Note: The LDAP filter is not escaped and allows arbitrary search filter injections, e.g.: univention.license.select(')(objectClass=*')

This has been fixed during Bug #35157 in UCS 4.1-4. @Michel, or do you need to have this for UCS 3.3?

*** This bug has been marked as a duplicate of bug 35157 ***

@Michel, reopen if you need this for UCS 3.3 <http://errata.software-univention.de/ucs/4.1/352.html>
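The note above points out that the licence lookup interpolated the module name into the LDAP filter without escaping, so a value such as `)(objectClass=*` widened the search. As an added illustration (not code from libunivention-license or the attached patch), the following shows the unescaped construction beside a hardened one that escapes assertion values per RFC 4515; the objectClass `univentionLicense` and attribute `univentionLicenseModule` are assumed here for the shape of the filter, not taken from the page.

```python
"""Escaping LDAP filter assertion values (added example, not UCS code)."""

# Characters RFC 4515 requires to be escaped inside an assertion value.
_ESCAPE = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string so it can only match as a literal value.

    Control and non-ASCII characters are UTF-8 encoded and each byte is
    written as \\XX, which RFC 4515 allows for arbitrary octets.
    """
    out = []
    for ch in value:
        if ch in _ESCAPE:
            out.append(_ESCAPE[ch])
        elif ord(ch) < 0x20 or ord(ch) > 0x7E:
            out.append("".join(r"\%02x" % b for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    return "".join(out)


# Attribute and objectClass names below are assumptions for illustration.
_TEMPLATE = "(&(objectClass=univentionLicense)(univentionLicenseModule=%s))"


def unescaped_license_filter(module: str) -> str:
    """The flawed pattern: raw interpolation lets ')(' close the clause."""
    return _TEMPLATE % module


def build_license_filter(module: str) -> str:
    """Hardened form: the module name is escaped before interpolation."""
    return _TEMPLATE % escape_filter_value(module)


if __name__ == "__main__":
    # Constructed input taken from the bug note: it widens the unescaped
    # filter but stays a literal, non-matching value in the escaped one.
    probe = ")(objectClass=*"
    print(unescaped_license_filter(probe))
    print(build_license_filter(probe))
```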