[Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm ldbm_search.c, 1.12, 1.13
Noriko Hosoi (nhosoi)
fedora-directory-commits at redhat.com
Mon Jun 30 17:28:19 UTC 2008
- Previous message (by thread): [Fedora-directory-commits] ldapserver/ldap/servers/slapd entry.c, 1.15, 1.16 filterentry.c, 1.7, 1.8 getfilelist.c, 1.7, 1.8 plugin_syntax.c, 1.5, 1.6 proto-slap.h, 1.34, 1.35 regex.c, 1.6, 1.7 sasl_map.c, 1.8, 1.9 slapi-private.h, 1.24, 1.25 vattr.c, 1.8, 1.9
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26906/slapd/back-ldbm
Modified Files:
ldbm_search.c
Log Message:
Resoves: #448831
Summary: attacker can tie up CPU in regex code
Description: when substring search is requested, sets the time limit based upon
the nsslapd-timelimit value. Pass the timelimit (time_up) to the regular
expression function. When the time is up, it returns the "Timelimit exceeded"
error. Note: timelimit is applied non-Directory Manager users.
Index: ldbm_search.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/ldbm_search.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- ldbm_search.c 12 Oct 2007 18:03:42 -0000 1.12
+++ ldbm_search.c 30 Jun 2008 17:28:16 -0000 1.13
@@ -1296,6 +1296,10 @@
"Failed the filter test", 0, NULL );
rc = SLAPI_FAIL_GENERAL;
goto bail;
+ } else if (LDAP_TIMELIMIT_EXCEEDED == filter_test) {
+ slapi_send_ldap_result( pb, LDAP_TIMELIMIT_EXCEEDED, NULL, NULL, nentries, urls );
+ rc = SLAPI_FAIL_GENERAL;
+ goto bail;
}
}
}
- Previous message (by thread): [Fedora-directory-commits] ldapserver/ldap/servers/slapd entry.c, 1.15, 1.16 filterentry.c, 1.7, 1.8 getfilelist.c, 1.7, 1.8 plugin_syntax.c, 1.5, 1.6 proto-slap.h, 1.34, 1.35 regex.c, 1.6, 1.7 sasl_map.c, 1.8, 1.9 slapi-private.h, 1.24, 1.25 vattr.c, 1.8, 1.9
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Fedora-directory-commits
mailing list