author | Noriko Hosoi <nhosoi@redhat.com> | 2008-07-18 22:45:36 +0000 |
---|---|---|
committer | Noriko Hosoi <nhosoi@redhat.com> | 2008-07-18 22:45:36 +0000 |
commit | 04f8cfd493dd9fb10ed98778543edb5ba69e4476 (patch) | |
tree | aa6b798d7e585c0da438b4cd2ff748b0a9d61dc3 /ldap | |
parent | 8e02614813752d70a42db7c7f911e410b5b4eb4c (diff) | |
Resolves: #448831
Summary: attacker can tie up CPU in regex code (comment #11)
Description: string_filter_sub always expected SLAPI_SEARCH_TIMELIMIT and
SLAPI_OPINITIATED_TIME were set in pblock, but it was not true. Fixed to check
the container of these values first, and retrieve them only if the container is
in the pblock. Otherwise, set -1 to timelimit (no timelimit).
Diffstat (limited to 'ldap')
-rw-r--r-- | ldap/servers/plugins/syntaxes/string.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/ldap/servers/plugins/syntaxes/string.c b/ldap/servers/plugins/syntaxes/string.c index c9477cce..7f8aefcc 100644 --- a/ldap/servers/plugins/syntaxes/string.c +++ b/ldap/servers/plugins/syntaxes/string.c @@ -201,11 +201,18 @@ string_filter_sub( Slapi_PBlock *pb, char *initial, char **any, char *final, time_t time_up = 0; time_t optime = 0; /* time op was initiated */ int timelimit = 0; /* search timelimit */ + Operation *op = NULL; LDAPDebug( LDAP_DEBUG_FILTER, "=> string_filter_sub\n", 0, 0, 0 ); - slapi_pblock_get( pb, SLAPI_SEARCH_TIMELIMIT, &timelimit ); - slapi_pblock_get( pb, SLAPI_OPINITIATED_TIME, &optime ); + slapi_pblock_get( pb, SLAPI_OPERATION, &op ); + if (NULL != op) { + slapi_pblock_get( pb, SLAPI_SEARCH_TIMELIMIT, &timelimit ); + slapi_pblock_get( pb, SLAPI_OPINITIATED_TIME, &optime ); + } else { + /* timelimit is not passed via pblock */ + timelimit = -1; + } /* * (timelimit==-1) means no time limit */ |
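Review bot: In the new else branch, `timelimit = -1` turns the time check off, and the comment just below it confirms that -1 means no time limit. Any caller that reaches string_filter_sub with a pblock lacking SLAPI_OPERATION therefore runs the match with no bound, which is the CPU tie-up named in the summary. Please extend the `/* timelimit is not passed via pblock */` comment to say which callers pass a pblock without an operation and why unbounded matching is acceptable for them, or use a finite default there instead of -1. Separately, the return values of the three slapi_pblock_get calls are ignored. If the SLAPI_SEARCH_TIMELIMIT or SLAPI_OPINITIATED_TIME lookup fails while op is non-NULL, timelimit and optime silently keep their initial 0, so consider checking the return codes and falling back explicitly.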