Blame SOURCES/0019-Issue-5242-Craft-message-may-crash-the-server-5243.patch

From c7f4542fade3d06c8725d0c2976d81f5206719c4 Mon Sep 17 00:00:00 2001
From: tbordaz <tbordaz@redhat.com>
Date: Wed, 30 Mar 2022 18:07:23 +0200
Subject: [PATCH 2/2] Issue 5242- Craft message may crash the server (#5243)
Bug description:
	A craft request can result in DoS
Fix description:
	If the server fails to decode the ber value
	then return an Error
relates: 5242
Reviewed by: Pierre Rogier, Mark Reynolds (thanks !)
Platforms tested:  F34
---
 ldap/servers/slapd/filter.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/ldap/servers/slapd/filter.c b/ldap/servers/slapd/filter.c
index d671c87ff..52fd95750 100644
--- a/ldap/servers/slapd/filter.c
+++ b/ldap/servers/slapd/filter.c
@@ -647,8 +647,14 @@ get_extensible_filter(BerElement *ber, mr_filter_t *mrf)
         }
     }
 
-    if ((tag != LBER_ERROR) && (len != -1)) {
-        goto parsing_error;
+    if (tag == LBER_ERROR) {
+        if (len == -1) {
+            /* means that the ber sequence ended without  LBER_END_OF_SEQORSET tag
+             * and it is considered as valid to ensure compatibility with open ldap.
+             */
+        } else {
+            goto parsing_error;
+        }
     }
 
     slapi_log_err(SLAPI_LOG_FILTER, "get_extensible_filter", "<= %i\n", rc);
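Review bot: In the new `if (tag == LBER_ERROR)` block, the `len == -1` branch is an empty body that holds only a comment, which is easy to misread and easy to break in a later edit. Folding it into one condition, `if ((tag == LBER_ERROR) && (len != -1)) { goto parsing_error; }`, with the compatibility comment placed above it, expresses the same decision. The comment should also say where `len` receives the value -1, since that assignment is outside the visible context and the accept-or-reject decision depends on it. The diffstat lists only filter.c, so a regression test that submits an extensible-match filter with an undecodable BER value and expects an error result would be worth adding alongside this change.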
-- 
2.31.1