From e5e55afa0ea77d529f6546dd6714473d59853704 Mon Sep 17 00:00:00 2001
From: tbordaz <tbordaz@redhat.com>
Date: Wed, 30 Mar 2022 18:07:23 +0200
Subject: [PATCH] Issue 5242- Craft message may crash the server (#5243)
Bug description:
A craft request can result in DoS
Fix description:
If the server fails to decode the ber value
then return an Error
relates: 5242
Reviewed by: Pierre Rogier, Mark Reynolds (thanks !)
Platforms tested: F34
---
ldap/servers/slapd/filter.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/ldap/servers/slapd/filter.c b/ldap/servers/slapd/filter.c
index 393a4dceef..17b71bd42c 100644
--- a/ldap/servers/slapd/filter.c
+++ b/ldap/servers/slapd/filter.c
@@ -623,8 +623,14 @@ get_extensible_filter(BerElement *ber, mr_filter_t *mrf)
}
}
- if ((tag != LBER_ERROR) && (len != -1)) {
- goto parsing_error;
+ if (tag == LBER_ERROR) {
+ if (len == -1) {
+ /* means that the ber sequence ended without LBER_END_OF_SEQORSET tag
+ * and it is considered as valid to ensure compatibility with open ldap.
+ */
+ } else {
+ goto parsing_error;
+ }
}
slapi_log_err(SLAPI_LOG_FILTER, "get_extensible_filter", "<= %i\n", rc);
distrib
>
Mageia
>
cauldron
>
i586
>
media
>
core-release-src
>
by-pkgid
>
732478559878f4e8d18ebfa35b8d5200
>
files
>
14
