Blame SOURCES/0035-Issue-5242-Craft-message-may-crash-the-server-5243.patch
|
 |
7a6e0a |
From 3854c402d06028b63e593463f34bb8d76dc42973 Mon Sep 17 00:00:00 2001
|
|
|
7a6e0a |
From: tbordaz <tbordaz@redhat.com>
|
|
|
7a6e0a |
Date: Wed, 30 Mar 2022 18:07:23 +0200
|
|
|
7a6e0a |
Subject: [PATCH 1/4] Issue 5242- Craft message may crash the server (#5243)
|
|
|
7a6e0a |
|
|
|
7a6e0a |
Bug description:
|
|
|
7a6e0a |
A craft request can result in DoS
|
|
|
7a6e0a |
|
|
|
7a6e0a |
Fix description:
|
|
|
7a6e0a |
If the server fails to decode the ber value
|
|
|
7a6e0a |
then return an Error
|
|
|
7a6e0a |
|
|
|
7a6e0a |
relates: 5242
|
|
|
7a6e0a |
|
|
|
7a6e0a |
Reviewed by: Pierre Rogier, Mark Reynolds (thanks !)
|
|
|
7a6e0a |
|
|
|
7a6e0a |
Platforms tested: F34
|
|
|
7a6e0a |
---
|
|
|
7a6e0a |
ldap/servers/slapd/filter.c | 10 ++++++++--
|
|
|
7a6e0a |
1 file changed, 8 insertions(+), 2 deletions(-)
|
|
|
7a6e0a |
|
|
|
7a6e0a |
diff --git a/ldap/servers/slapd/filter.c b/ldap/servers/slapd/filter.c
|
|
|
7a6e0a |
index 8e21b34c3..e86946387 100644
|
|
|
7a6e0a |
--- a/ldap/servers/slapd/filter.c
|
|
|
7a6e0a |
+++ b/ldap/servers/slapd/filter.c
|
|
|
7a6e0a |
@@ -644,8 +644,14 @@ get_extensible_filter(BerElement *ber, mr_filter_t *mrf)
|
|
|
7a6e0a |
}
|
|
|
7a6e0a |
}
|
|
|
7a6e0a |
|
|
|
7a6e0a |
- if ((tag != LBER_ERROR) && (len != -1)) {
|
|
|
7a6e0a |
- goto parsing_error;
|
|
|
7a6e0a |
+ if (tag == LBER_ERROR) {
|
|
|
7a6e0a |
+ if (len == -1) {
|
|
|
7a6e0a |
+ /* means that the ber sequence ended without LBER_END_OF_SEQORSET tag
|
|
|
7a6e0a |
+ * and it is considered as valid to ensure compatibility with open ldap.
|
|
|
7a6e0a |
+ */
|
|
|
7a6e0a |
+ } else {
|
|
|
7a6e0a |
+ goto parsing_error;
|
|
|
7a6e0a |
+ }
|
|
|
7a6e0a |
}
|
|
|
7a6e0a |
|
|
|
7a6e0a |
slapi_log_err(SLAPI_LOG_FILTER, "get_extensible_filter", "<= %i\n", rc);
|
|
|
7a6e0a |
--
|
|
|
7a6e0a |
2.31.1
|
|
|
7a6e0a |
|