sysdb: sanitize search filter input - backport sssd-1-14 #497

Closed
wants to merge 1 commit into
base: sssd-1-14
from

3 participants
@sumit-bose
Contributor

sumit-bose commented Jan 22, 2018

Backport of commit 1f2662c

@fidencio

Contributor

fidencio commented Jan 22, 2018

@sumit-bose, seems that this PR is exactly the same as #496. If that's the case, would you mind closing one of them?

@sumit-bose

Contributor

sumit-bose commented Jan 22, 2018

@fidencio, the number of templates in SYSDB_PWUPN_FILTER changed, and because of that, that patch cannot be cherry-picked to sssd-1-13 without a change.

@fidencio fidencio changed the title from sysdb: sanitize search filter input to sysdb: sanitize search filter input - backport sssd-1-14 Jan 22, 2018

@fidencio fidencio self-assigned this Jan 29, 2018

@fidencio

Contributor

fidencio commented Jan 29, 2018

Both the patch and the test that comes together with it work as expected!

fidencio added a commit to fidencio/fleet-commander-vagans that referenced this pull request Jan 29, 2018

builder: Enable fidencio's SSSD copr
This is just a workaround while we don't have PRs #495 and #497 merged
and backported to Fedora.

PR #495: SSSD/sssd#495
PR #497: SSSD/sssd#497

Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>

@lslebodn

Contributor

lslebodn commented Feb 21, 2018

I know we started the discussion as part of #496, but I first backported the patches + sysdb unit tests to the 1.14 branch.

https://github.com/lslebodn/sssd/tree/cve_backport_1.14

The related sysdb functions are almost the same as in the master branch.
I did not include afadeb1 in 1.14 because it is not related to the CVE fix. But we were backporting UPN fixes to 1.13, so we might backport that commit in a different PR.

And ba926c9 is also missing because it was related to multiple results for searches by certificate, which is only in 1.15 as a feature.

@sumit-bose Could you check the PR before I backport the patches to 1.13?

@sumit-bose

Contributor

sumit-bose commented Feb 21, 2018

@lslebodn, thank you for backporting. The selected patches are looking good. Can you add a comment to the related UPN PRs about afadeb1?

@lslebodn

Contributor

lslebodn commented Feb 21, 2018

> @lslebodn, thank you for backporting. The selected patches are looking good.

Thank you for checking. I'll push patches + create backport for 1.13

> Can you add a comment to the related UPN PRs about afadeb1?

done

@lslebodn

Contributor

lslebodn commented Feb 21, 2018

@lslebodn lslebodn closed this Feb 21, 2018

@lslebodn lslebodn added the Pushed label Feb 21, 2018
