git.samba.org - samba.git/commit

author	Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
	Wed, 3 Mar 2021 06:17:36 +0000 (19:17 +1300)
committer	Andrew Bartlett <abartlet@samba.org>
	Wed, 10 Mar 2021 08:42:33 +0000 (08:42 +0000)
commit	cc098f1cad04b2cfec4ddd6b2511cd5a600f31c6
tree	3791c4721831d06d9074e105c0d94da6e8e87aa5	tree
parent	d7e620ff41d6583b5554c03abaac6c4c183d5146	commit \| diff

ldb_match: trailing chunk must match end of string

A wildcard search is divided into chunks by the asterisks. While most
chunks match the first suitable string, the last chunk matches the
last possible string (unless there is a trailing asterisk, in which
case this distinction is moot).

We always knew this in our hearts, but we tried to do it in a funny
complicated way that stepped through the string, comparing here and
there, leading to CVE-2019-3824 and missed matches (bug 14044).

With this patch, we just jump to the end of the string and compare it.
As well as being correct, this should also improve performance, as the
previous algorithm involved a quadratic loop of erroneous memmem()s.

See https://tools.ietf.org/html/rfc4517

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>