
Bug #48427 UDN: Forbid vulnerable GET_DN for VERSION >= 3

UDL using PROTOCOL_3 must no longer use GET_DN but WAIT_DN - if it is
still used this is a protocol violation. UDL simply will not get an
answer.

When UCRV 'notifier/protocol/version' is set to 3, any old client still
using PROTOCOL_2 will get rejected while negotiating the protocol
version, so it is asserted that "version >= network_procotol_version".
pmhahn committed Feb 13, 2019
1 parent 4d48696 commit a28053045bd2e778c50ed1acaf4e52e1e34f6e34
@@ -1,3 +1,9 @@
univention-directory-notifier (12.0.1-11) unstable; urgency=low

* Bug #48427: Forbid vulnerable GET_DN for VERSION >= 3

-- Philipp Hahn <hahn@univention.de> Wed, 13 Feb 2019 10:23:12 +0100

univention-directory-notifier (12.0.1-10) unstable; urgency=low

* Bug #48427: Change import limits
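
Review bot: the new 12.0.1-11 entry is marked `urgency=low` while its only item describes forbidding a "vulnerable" command. If this is the security fix for Bug #48427, consider whether the urgency should reflect that, and add a line stating the compatibility effect given in the commit message (PROTOCOL_2 clients are rejected once `notifier/protocol/version` is 3) so administrators see it in the changelog.
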
@@ -199,7 +199,7 @@ int data_on_connection(int fd, callback_remove_handler remove)
p+=strlen(network_line);


} else if ( !strncmp(network_line, "GET_DN ", strlen("GET_DN ")) && msg_id != UINT32_MAX && network_client_get_version(fd) > 0) {
} else if ( !strncmp(network_line, "GET_DN ", strlen("GET_DN ")) && msg_id != UINT32_MAX && version > PROTOCOL_UNKNOWN && version < PROTOCOL_3) {

univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_ALL, "RECV: GET_DN");
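
Review bot: in the new `GET_DN` condition, a client at `PROTOCOL_3` or later that sends `GET_DN` only fails this branch, and nothing in the hunk logs or rejects the request. The commit message says the client "simply will not get an answer"; consider handling `version >= PROTOCOL_3` explicitly with a warning-level `univention_debug` call and a connection close, so the protocol violation shows up in the notifier log and a misbehaving listener does not block waiting for a reply. The condition also reads a local `version` where the old line called `network_client_get_version(fd)`; its assignment is outside this hunk, so please confirm it is taken from `fd` before this chain is evaluated.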
