
Re: (ITS#6163) back-sql DoS when searching for empty attr



Hiya,

see also https://bugs.launchpad.net/bugs/382677

Whole text included here:

When using the SQL backend, a search like:

ldapsearch ... '(cn=)'

causes slapd to crash with this error:

slapd: /tmp/openldap-2.4.15/servers/slapd/back-sql/search.c:1366: backsql_process_filter_attr: Assertion `0' failed.

Looking at the code there, it does a

switch(f->f_choice) {
   ....
   default:
      assert(0);
}

As it happens, in that instance f_choice is something like 0x80a3, that 
is SLAPD_FILTER_UNDEFINED|LDAP_FILTER_EQUALITY.

And the back-sql backend doesn't support that SLAPD_FILTER_UNDEFINED 
flag like the other backends, hence the abort() on that assert.

A workaround for that (change in indentation not shown):

--- search.c~ 2009-06-01 15:55:16.000000000 +0100
+++ servers/slapd/back-sql/search.c 2009-06-01 17:00:51.000000000 +0100
@@ -717,6 +717,9 @@
   goto done;
  }

+ if (f->f_choice & SLAPD_FILTER_UNDEFINED) {
+ rc = -1;
+ } else {
  switch( f->f_choice ) {
  case LDAP_FILTER_OR:
   rc = backsql_process_filter_list( bsi, f->f_or,
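
Review bot: The new guard at line 717 leaves the failing `default: assert(0)` reported at search.c:1366 in backsql_process_filter_attr untouched, so any other path that reaches that switch with SLAPD_FILTER_UNDEFINED set would still abort slapd. Suggest also replacing that assert with an error return, and adding a comment on `rc = -1` here saying that an undefined filter deliberately takes the same `goto done` path as a failure.
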
@@ -772,6 +775,7 @@
   ad = f->f_av_desc;
   break;
  }
+ }

  if ( rc == -1 ) {
   goto done;
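
Review bot: The `}` added after the switch only closes the `else` opened in the previous hunk, which forces the whole switch body to be re-indented (the message says that change is not shown). Since `rc == -1` leads straight to `goto done` just below, the guard could set `rc = -1` and `goto done` itself, which drops the else, this brace and the re-indentation.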

That's only a workaround. The fix would be to implement the support for 
such searches.

Best regards,
Stephane
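
Added example, not part of the original message and not OpenLDAP code: a small C model of the failure described above, where a flag bit OR-ed onto the filter type makes a switch on the raw value fall through to its default case. The constant names are local stand-ins whose values reproduce the 0x80a3 quoted in the report, and returning "match nothing" for a flagged filter is this example's assumption about the handling.

```c
#include <stdio.h>

/* Local stand-ins; values chosen to reproduce the 0x80a3 from the report. */
#define FILTER_OR        0x00a1u
#define FILTER_EQUALITY  0x00a3u
#define FILTER_UNDEFINED 0x8000u   /* flag bit OR-ed onto the filter type */

enum result { HANDLED, MATCH_NOTHING, UNHANDLED };

/* "Before": switches on the raw value, so a flagged choice reaches default.
 * The code in the report has assert(0) there; this model returns UNHANDLED
 * so the outcome can be observed without aborting the process. */
static enum result dispatch_raw(unsigned choice)
{
    switch (choice) {
    case FILTER_OR:
    case FILTER_EQUALITY:
        return HANDLED;
    default:
        return UNHANDLED;
    }
}

/* "After": test the flag first, and fail closed on unknown values instead
 * of asserting on something derived from a client request. */
static enum result dispatch_checked(unsigned choice)
{
    if (choice & FILTER_UNDEFINED)
        return MATCH_NOTHING;      /* assumed handling for this example */
    switch (choice) {
    case FILTER_OR:
    case FILTER_EQUALITY:
        return HANDLED;
    default:
        return UNHANDLED;          /* caller maps this to an error result */
    }
}

int main(void)
{
    /* Constructed sample values: plain, flagged, and unknown. */
    unsigned samples[] = { FILTER_EQUALITY,
                           FILTER_UNDEFINED | FILTER_EQUALITY, 0x00ffu };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("0x%04x raw=%d checked=%d\n", samples[i],
               dispatch_raw(samples[i]), dispatch_checked(samples[i]));
    return 0;
}
```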