[Fedora-directory-commits] ldapserver/ldap/servers/plugins/syntaxes string.c, 1.12, 1.13
Noriko Hosoi (nhosoi)
fedora-directory-commits at redhat.com
Fri Jul 18 22:45:41 UTC 2008
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/syntaxes
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4466
Modified Files:
string.c
Log Message:
Resolves: #448831
Summary: attacker can tie up CPU in regex code (comment #11)
Description: string_filter_sub always expected SLAPI_SEARCH_TIMELIMIT and
SLAPI_OPINITIATED_TIME were set in pblock, but it was not true. Fixed to check
the container of these values first, and retrieve them only if the container is
in the pblock. Otherwise, set -1 to timelimit (no timelimit).
Index: string.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/syntaxes/string.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- string.c 15 Jul 2008 16:49:41 -0000 1.12
+++ string.c 18 Jul 2008 22:45:36 -0000 1.13
@@ -201,11 +201,18 @@
time_t time_up = 0;
time_t optime = 0; /* time op was initiated */
int timelimit = 0; /* search timelimit */
+ Operation *op = NULL;
LDAPDebug( LDAP_DEBUG_FILTER, "=> string_filter_sub\n",
0, 0, 0 );
- slapi_pblock_get( pb, SLAPI_SEARCH_TIMELIMIT, &timelimit );
- slapi_pblock_get( pb, SLAPI_OPINITIATED_TIME, &optime );
+ slapi_pblock_get( pb, SLAPI_OPERATION, &op );
+ if (NULL != op) {
+ slapi_pblock_get( pb, SLAPI_SEARCH_TIMELIMIT, &timelimit );
+ slapi_pblock_get( pb, SLAPI_OPINITIATED_TIME, &optime );
+ } else {
+ /* timelimit is not passed via pblock */
+ timelimit = -1;
+ }
/*
* (timelimit==-1) means no time limit
*/
More information about the Fedora-directory-commits
mailing list