From e5e55afa0ea77d529f6546dd6714473d59853704 Mon Sep 17 00:00:00 2001 From: tbordaz <tbordaz@redhat.com> Date: Wed, 30 Mar 2022 18:07:23 +0200 Subject: [PATCH] Issue 5242- Craft message may crash the server (#5243) Bug description: A craft request can result in DoS Fix description: If the server fails to decode the ber value then return an Error relates: 5242 Reviewed by: Pierre Rogier, Mark Reynolds (thanks !) Platforms tested: F34 --- ldap/servers/slapd/filter.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/ldap/servers/slapd/filter.c b/ldap/servers/slapd/filter.c index 393a4dceef..17b71bd42c 100644 --- a/ldap/servers/slapd/filter.c +++ b/ldap/servers/slapd/filter.c @@ -623,8 +623,14 @@ get_extensible_filter(BerElement *ber, mr_filter_t *mrf) } } - if ((tag != LBER_ERROR) && (len != -1)) { - goto parsing_error; + if (tag == LBER_ERROR) { + if (len == -1) { + /* means that the ber sequence ended without LBER_END_OF_SEQORSET tag + * and it is considered as valid to ensure compatibility with open ldap. + */ + } else { + goto parsing_error; + } } slapi_log_err(SLAPI_LOG_FILTER, "get_extensible_filter", "<= %i\n", rc);