From 04f8cfd493dd9fb10ed98778543edb5ba69e4476 Mon Sep 17 00:00:00 2001
From: Noriko Hosoi
Date: Fri, 18 Jul 2008 22:45:36 +0000
Subject: Resolves: #448831 Summary: attacker can tie up CPU in regex code (comment #11) Description: string_filter_sub always expected SLAPI_SEARCH_TIMELIMIT and SLAPI_OPINITIATED_TIME were set in pblock, but it was not true. Fixed to check the container of these values first, and retrieve them only if the container is in the pblock. Otherwise, set -1 to timelimit (no timelimit).
---
 ldap/servers/plugins/syntaxes/string.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/ldap/servers/plugins/syntaxes/string.c b/ldap/servers/plugins/syntaxes/string.c
index c9477cce..7f8aefcc 100644
--- a/ldap/servers/plugins/syntaxes/string.c
+++ b/ldap/servers/plugins/syntaxes/string.c
@@ -201,11 +201,18 @@ string_filter_sub( Slapi_PBlock *pb, char *initial, char **any, char *final,
 time_t time_up = 0;
 time_t optime = 0; /* time op was initiated */
 int timelimit = 0; /* search timelimit */
+ Operation *op = NULL;
 LDAPDebug( LDAP_DEBUG_FILTER, "=> string_filter_sub\n", 0, 0, 0 );
- slapi_pblock_get( pb, SLAPI_SEARCH_TIMELIMIT, &timelimit );
- slapi_pblock_get( pb, SLAPI_OPINITIATED_TIME, &optime );
+ slapi_pblock_get( pb, SLAPI_OPERATION, &op );
+ if (NULL != op) {
+ slapi_pblock_get( pb, SLAPI_SEARCH_TIMELIMIT, &timelimit );
+ slapi_pblock_get( pb, SLAPI_OPINITIATED_TIME, &optime );
+ } else {
+ /* timelimit is not passed via pblock */
+ timelimit = -1;
+ }
 /*
 * (timelimit==-1) means no time limit
 */
-- cgit
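Review bot: The new `else` branch sets `timelimit = -1`, which the comment just below defines as "no time limit", so any call whose pblock carries no operation runs the substring/regex match unbounded. That is the CPU exhaustion this bug is meant to limit, so the branch should name the callers that reach it and state that they must not pass client-supplied filters, e.g. `/* no SLAPI_OPERATION in pblock (internal caller): match runs with no time limit; never reached with client-supplied filters */`. If that cannot be guaranteed, a fixed conservative default would be safer than -1. The return values of all three `slapi_pblock_get` calls are also ignored, so a failed get inside the `if` leaves `timelimit` and `optime` at 0; how the rest of the function treats that is outside the hunk, but `if (slapi_pblock_get( pb, SLAPI_OPERATION, &op ) != 0) op = NULL;` plus the same check on the two inner calls would make the fallback explicit. The body of string_filter_sub starts and ends outside this hunk.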