Univention Bugzilla – Bug 42262
Improve LDAP search filter for libunivention-license
Last modified: 2017-06-19 10:55:32 CEST
Created attachment 7979 [details] Log The ldapsearch from the current licence check from libunivention-license seems to be too extensive. For a project where we implemented restrictive ACL's the licence check runs into limits. Attached a anonymised log & a patch.
Created attachment 7980 [details] Patch
Note: The LDAP filter is not escaped and allow arbitrary search filter injections, e.g.: univention.license.select(')(objectClass=*')
This has been fixed during Bug #35157 in UCS 4.1-4. @Michel, or do you need to have this for UCS 3.3? *** This bug has been marked as a duplicate of bug 35157 ***
@Michel, reopen if you need this for UCS 3.3 <http://errata.software-univention.de/ucs/4.1/352.html>