[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6163) back-sql DoS when searching for empty attr

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6163) back-sql DoS when searching for empty attr
From: masarati@aero.polimi.it
Date: Mon, 3 Aug 2009 11:10:55 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

The bug is in the fact that (cn=) is an invalid filter, because cn's
syntax is directoryString, which does not allow the empty string.  As
such, the filter evaluates to undefined, and this is not properly handled
by back-sql.  A fix is in HEAD, please test (you only need to patch
back-sql/search.c and the patch should apply to almost any OpenLDAP 2.4
version).

p.

Prev by Date: Re: (ITS#6181) slapo-unique: slaptest fails in case unique_uri is prepended the keywords "strict" or "ignore"
Next by Date: Re: (ITS#6172) Crash with baseObject in back-sql
Index(es):
- Chronological
- Thread