andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
Blame SOURCES/0035-Issue-5242-Craft-message-may-crash-the-server-5243.patch

7a6e0a
From 3854c402d06028b63e593463f34bb8d76dc42973 Mon Sep 17 00:00:00 2001
From: tbordaz <tbordaz@redhat.com>
Date: Wed, 30 Mar 2022 18:07:23 +0200
Subject: [PATCH 1/4] Issue 5242- Craft message may crash the server (#5243)
Bug description:
	A craft request can result in DoS
Fix description:
	If the server fails to decode the ber value
	then return an Error
relates: 5242
Reviewed by: Pierre Rogier, Mark Reynolds (thanks !)
Platforms tested:  F34
---
 ldap/servers/slapd/filter.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/ldap/servers/slapd/filter.c b/ldap/servers/slapd/filter.c
index 8e21b34c3..e86946387 100644
--- a/ldap/servers/slapd/filter.c
+++ b/ldap/servers/slapd/filter.c
@@ -644,8 +644,14 @@ get_extensible_filter(BerElement *ber, mr_filter_t *mrf)
         }
     }
 
-    if ((tag != LBER_ERROR) && (len != -1)) {
-        goto parsing_error;
+    if (tag == LBER_ERROR) {
+        if (len == -1) {
+            /* means that the ber sequence ended without  LBER_END_OF_SEQORSET tag
+             * and it is considered as valid to ensure compatibility with open ldap.
+             */
+        } else {
+            goto parsing_error;
+        }
     }
 
     slapi_log_err(SLAPI_LOG_FILTER, "get_extensible_filter", "<= %i\n", rc);
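
Review bot: The `if (len == -1)` branch inside the new `tag == LBER_ERROR` block has an empty body that holds only a comment, which is easy to misread and easy to break in a later edit. A single condition, `if ((tag == LBER_ERROR) && (len != -1)) { goto parsing_error; }`, with the OpenLDAP compatibility comment placed above it, expresses the same logic directly. Separately, the old condition sent any exit with `tag != LBER_ERROR` and `len != -1` to `parsing_error`, and the new one lets that case fall through to the final `slapi_log_err` with whatever `rc` holds; please confirm from the loop above this hunk that such an exit cannot occur or is already rejected there. The diffstat shows only filter.c changing, so a regression test that submits an extensible-match filter with an undecodable BER value and expects an error result would document the fix and guard against it regressing.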
-- 
2.31.1