Resoves: #448831

Summary: attacker can tie up CPU in regex code Description: when substring search is requested, sets the time limit based upon the nsslapd-timelimit value. Pass the timelimit (time_up) to the regular expression function. When the time is up, it returns the "Timelimit exceeded" error. Note: timelimit is applied non-Directory Manager users.
author: Noriko Hosoi <nhosoi@redhat.com> 2008-06-30 17:28:16 +0000
committer: Noriko Hosoi <nhosoi@redhat.com> 2008-06-30 17:28:16 +0000
commit: ab2d605d10f34442cb561bf0d88d1e497f0eb0f4 (patch)
tree: b9f44d6f67ea199e2e2edef09ce29fba6c275e39 /ldap/servers/plugins/acl
parent: 70425fbcea96d1b477fea27eca67fb7e828c446e (diff)
download: ds-ab2d605d10f34442cb561bf0d88d1e497f0eb0f4.tar.gz
ds-ab2d605d10f34442cb561bf0d88d1e497f0eb0f4.tar.xz
ds-ab2d605d10f34442cb561bf0d88d1e497f0eb0f4.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
index 120e70db..5262ca3e 100644
--- a/ldap/servers/plugins/acl/acl.c
+++ b/ldap/servers/plugins/acl/acl.c
@@ -3253,7 +3253,7 @@ acl_match_substring ( Slapi_Filter *f, char *str, int exact_match)
 	** matching, it seems that step() is leaking 1036 bytes/search	
 	** I couldn't figure out why it's leaking.
 	*/
-	rc = slapd_re_exec( realval );
+	rc = slapd_re_exec( realval, -1 /* no timelimit */ );
 
 	slapd_re_unlock();
author	Noriko Hosoi <nhosoi@redhat.com>	2008-06-30 17:28:16 +0000
committer	Noriko Hosoi <nhosoi@redhat.com>	2008-06-30 17:28:16 +0000
commit	ab2d605d10f34442cb561bf0d88d1e497f0eb0f4 (patch)
tree	b9f44d6f67ea199e2e2edef09ce29fba6c275e39 /ldap/servers/plugins/acl
parent	70425fbcea96d1b477fea27eca67fb7e828c446e (diff)
download	ds-ab2d605d10f34442cb561bf0d88d1e497f0eb0f4.tar.gz ds-ab2d605d10f34442cb561bf0d88d1e497f0eb0f4.tar.xz ds-ab2d605d10f34442cb561bf0d88d1e497f0eb0f4.zip