Univention Bugzilla – Attachment 10341 Details for
Bug 51183
openldap: security issue (4.4)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440.patch
98464c11df8247d6a11b52e294ba5dd4f0380440.patch (text/plain), 2.87 KB, created by
Arvid Requate
on 2020-04-29 11:08 CEST
(
hide
)
Description:
https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440.patch
Filename:
MIME Type:
Creator:
Arvid Requate
Created:
2020-04-29 11:08 CEST
Size:
2.87 KB
patch
obsolete
>From 98464c11df8247d6a11b52e294ba5dd4f0380440 Mon Sep 17 00:00:00 2001 >From: Howard Chu <hyc@openldap.org> >Date: Thu, 16 Apr 2020 01:08:19 +0100 >Subject: [PATCH] ITS#9202 limit depth of nested filters > >Using a hardcoded limit for now; no reasonable apps >should ever run into it. >--- > servers/slapd/filter.c | 41 ++++++++++++++++++++++++++++++++--------- > 1 file changed, 32 insertions(+), 9 deletions(-) > >diff --git a/servers/slapd/filter.c b/servers/slapd/filter.c >index 3252cf2a7..ed57bbd7b 100644 >--- a/servers/slapd/filter.c >+++ b/servers/slapd/filter.c >@@ -37,11 +37,16 @@ > const Filter *slap_filter_objectClass_pres; > const struct berval *slap_filterstr_objectClass_pres; > >+#ifndef SLAPD_MAX_FILTER_DEPTH >+#define SLAPD_MAX_FILTER_DEPTH 5000 >+#endif >+ > static int get_filter_list( > Operation *op, > BerElement *ber, > Filter **f, >- const char **text ); >+ const char **text, >+ int depth ); > > static int get_ssa( > Operation *op, >@@ -80,12 +85,13 @@ filter_destroy( void ) > return; > } > >-int >-get_filter( >+static int >+get_filter0( > Operation *op, > BerElement *ber, > Filter **filt, >- const char **text ) >+ const char **text, >+ int depth ) > { > ber_tag_t tag; > ber_len_t len; >@@ -126,6 +132,11 @@ get_filter( > * > */ > >+ if( depth > SLAPD_MAX_FILTER_DEPTH ) { >+ *text = "filter nested too deeply"; >+ return SLAPD_DISCONNECT; >+ } >+ > tag = ber_peek_tag( ber, &len ); > > if( tag == LBER_ERROR ) { >@@ -221,7 +232,7 @@ get_filter( > > case LDAP_FILTER_AND: > Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 ); >- err = get_filter_list( op, ber, &f.f_and, text ); >+ err = get_filter_list( op, ber, &f.f_and, text, depth+1 ); > if ( err != LDAP_SUCCESS ) { > break; > } >@@ -234,7 +245,7 @@ get_filter( > > case LDAP_FILTER_OR: > Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 ); >- err = get_filter_list( op, ber, &f.f_or, text ); >+ err = get_filter_list( op, ber, &f.f_or, text, depth+1 ); > if ( err != LDAP_SUCCESS ) { > break; > } >@@ -248,7 +259,7 @@ get_filter( > case LDAP_FILTER_NOT: > Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 ); > (void) ber_skip_tag( ber, &len ); >- err = get_filter( op, ber, &f.f_not, text ); >+ err = get_filter0( op, ber, &f.f_not, text, depth+1 ); > if ( err != LDAP_SUCCESS ) { > break; > } >@@ -311,10 +322,22 @@ get_filter( > return( err ); > } > >+int >+get_filter( >+ Operation *op, >+ BerElement *ber, >+ Filter **filt, >+ const char **text ) >+{ >+ return get_filter0( op, ber, filt, text, 0 ); >+} >+ >+ > static int > get_filter_list( Operation *op, BerElement *ber, > Filter **f, >- const char **text ) >+ const char **text, >+ int depth ) > { > Filter **new; > int err; >@@ -328,7 +351,7 @@ get_filter_list( Operation *op, BerElement *ber, > tag != LBER_DEFAULT; > tag = ber_next_element( ber, &len, last ) ) > { >- err = get_filter( op, ber, new, text ); >+ err = get_filter0( op, ber, new, text, depth ); > if ( err != LDAP_SUCCESS ) > return( err ); > new = &(*new)->f_next; >-- >2.26.2 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
Actions:
View
|
Diff
Attachments on
bug 51183
: 10341