Re: (ITS#6163) back-sql DoS when searching for empty attr
Hiya,
see also https://bugs.launchpad.net/bugs/382677
Whole text included here:
When using the SQL backend, a search like:
    ldapsearch ... '(cn=)'
causes slapd to crash with this error:
    slapd: /tmp/openldap-2.4.15/servers/slapd/back-sql/search.c:1366:
    backsql_process_filter_attr: Assertion `0' failed.
Looking at the code there, it does a
    switch(f->f_choice) {
    ....
    default:
        assert(0);
    }
As it happens, in that instance f_choice is something like 0x80a3, that
is SLAPD_FILTER_UNDEFINED|LDAP_FILTER_EQUALITY.
And the back-sql backend doesn't support that SLAPD_FILTER_UNDEFINED
flag like the other backends, hence the abort() on that assert.
A workaround for that (change in indentation not shown):
--- search.c~ 2009-06-01 15:55:16.000000000 +0100
+++ servers/slapd/back-sql/search.c 2009-06-01 17:00:51.000000000 +0100
@@ -717,6 +717,9 @@
goto done;
}
+ if (f->f_choice & SLAPD_FILTER_UNDEFINED) {
+ rc = -1;
+ } else {
switch( f->f_choice ) {
case LDAP_FILTER_OR:
rc = backsql_process_filter_list( bsi, f->f_or,
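Review bot: The added `if (f->f_choice & SLAPD_FILTER_UNDEFINED)` wraps the whole switch in an `else` only to reach the `rc == -1` check that the second hunk shows directly after the switch, which ends in `goto done`. Setting `rc = -1` and jumping to `done` right here would give the same result on the visible lines without the `else` block, the extra closing brace, or the re-indentation that is left out. The condition also uses `if (` where the surrounding code writes `switch( f->f_choice )`, and a one-line comment saying why an undefined filter is rejected at this point would help the next reader.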
@@ -772,6 +775,7 @@
ad = f->f_av_desc;
break;
}
+ }
if ( rc == -1 ) {
goto done;
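Review bot: The lone `+ }` closes the new `else` at the same indentation as the switch's own closing brace just above it, so the nesting is easy to misread; re-indent the block or mark the brace with a comment naming the condition it ends. At the following `if ( rc == -1 )` the undefined-filter case now takes the same `goto done` as any other processing failure, with nothing here to tell the two apart, so a distinct return value or a comment on the intended search result for a flagged filter is worth adding.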
That's only a workaround. The fix would be to implement the support for
such searches.
Best regards,
Stephane
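
A simplified, single-function model of the dispatch described in this message, added here as an illustration; it is not code from OpenLDAP or from the poster. The names are this example's own, the split of the quoted 0x80a3 into a 0x8000 flag and a 0xa3 equality tag is an assumption inferred from that value, and `RC_WOULD_ABORT` stands in for `assert(0)` so both paths can be compared in one run.

```c
#include <stddef.h>
#include <stdio.h>

/* 0x80a3 is the value quoted in the message; the flag/tag split below is
 * inferred from it. All names are hypothetical, not OpenLDAP's. */
#define F_OR        0x00a1u
#define F_EQUALITY  0x00a3u
#define F_UNDEFINED 0x8000u
#define RC_OK            0
#define RC_FAIL        (-1)  /* what the workaround sets */
#define RC_WOULD_ABORT (-2)  /* placeholder for assert(0) */

struct filter {
    unsigned choice;
    const struct filter *child;  /* first child, OR nodes only */
    const struct filter *next;   /* next sibling in an OR list */
};

/* Walk a filter tree; with guarded != 0 the flag is tested before the switch. */
static int process(const struct filter *f, int guarded)
{
    if (guarded && (f->choice & F_UNDEFINED))
        return RC_FAIL;
    switch (f->choice) {         /* a flagged value matches no case label */
    case F_OR:
        for (const struct filter *c = f->child; c != NULL; c = c->next) {
            int rc = process(c, guarded);
            if (rc != RC_OK)
                return rc;
        }
        return RC_OK;
    case F_EQUALITY:
        return RC_OK;
    default:
        return RC_WOULD_ABORT;
    }
}

/* Constructed input: an OR of two equality leaves, the second one flagged. */
static const struct filter leaf_bad = { F_UNDEFINED | F_EQUALITY, NULL, NULL };
static const struct filter leaf_ok  = { F_EQUALITY, NULL, &leaf_bad };
static const struct filter tree     = { F_OR, &leaf_ok, NULL };

int main(void)
{
    printf("unguarded: %d\n", process(&tree, 0));
    printf("guarded:   %d\n", process(&tree, 1));
    return 0;
}
```

In this model a single flagged leaf nested inside an OR fails the whole request on the guarded path, which matches the message's point that rejecting the filter is a workaround and not support for such searches.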