0b25812872
* gnu/packages/openldap.scm (openldap)[replacement]: New field. (openldap/fixed): New variable. * gnu/packages/patches/openldap-CVE-2020-12243.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it.
126 lines
2.9 KiB
Diff
126 lines
2.9 KiB
Diff
From 98464c11df8247d6a11b52e294ba5dd4f0380440 Mon Sep 17 00:00:00 2001
|
|
From: Howard Chu <hyc@openldap.org>
|
|
Date: Thu, 16 Apr 2020 01:08:19 +0100
|
|
Subject: [PATCH] ITS#9202 limit depth of nested filters
|
|
|
|
Using a hardcoded limit for now; no reasonable apps
|
|
should ever run into it.
|
|
---
|
|
servers/slapd/filter.c | 41 ++++++++++++++++++++++++++++++++---------
|
|
1 file changed, 32 insertions(+), 9 deletions(-)
|
|
|
|
diff --git a/servers/slapd/filter.c b/servers/slapd/filter.c
|
|
index 3252cf2a7..ed57bbd7b 100644
|
|
--- a/servers/slapd/filter.c
|
|
+++ b/servers/slapd/filter.c
|
|
@@ -37,11 +37,16 @@
|
|
const Filter *slap_filter_objectClass_pres;
|
|
const struct berval *slap_filterstr_objectClass_pres;
|
|
|
|
+#ifndef SLAPD_MAX_FILTER_DEPTH
|
|
+#define SLAPD_MAX_FILTER_DEPTH 5000
|
|
+#endif
|
|
+
|
|
static int get_filter_list(
|
|
Operation *op,
|
|
BerElement *ber,
|
|
Filter **f,
|
|
- const char **text );
|
|
+ const char **text,
|
|
+ int depth );
|
|
|
|
static int get_ssa(
|
|
Operation *op,
|
|
@@ -80,12 +85,13 @@ filter_destroy( void )
|
|
return;
|
|
}
|
|
|
|
-int
|
|
-get_filter(
|
|
+static int
|
|
+get_filter0(
|
|
Operation *op,
|
|
BerElement *ber,
|
|
Filter **filt,
|
|
- const char **text )
|
|
+ const char **text,
|
|
+ int depth )
|
|
{
|
|
ber_tag_t tag;
|
|
ber_len_t len;
|
|
@@ -126,6 +132,11 @@ get_filter(
|
|
*
|
|
*/
|
|
|
|
+ if( depth > SLAPD_MAX_FILTER_DEPTH ) {
|
|
+ *text = "filter nested too deeply";
|
|
+ return SLAPD_DISCONNECT;
|
|
+ }
|
|
+
|
|
tag = ber_peek_tag( ber, &len );
|
|
|
|
if( tag == LBER_ERROR ) {
|
|
@@ -221,7 +232,7 @@ get_filter(
|
|
|
|
case LDAP_FILTER_AND:
|
|
Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
|
|
- err = get_filter_list( op, ber, &f.f_and, text );
|
|
+ err = get_filter_list( op, ber, &f.f_and, text, depth+1 );
|
|
if ( err != LDAP_SUCCESS ) {
|
|
break;
|
|
}
|
|
@@ -234,7 +245,7 @@ get_filter(
|
|
|
|
case LDAP_FILTER_OR:
|
|
Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
|
|
- err = get_filter_list( op, ber, &f.f_or, text );
|
|
+ err = get_filter_list( op, ber, &f.f_or, text, depth+1 );
|
|
if ( err != LDAP_SUCCESS ) {
|
|
break;
|
|
}
|
|
@@ -248,7 +259,7 @@ get_filter(
|
|
case LDAP_FILTER_NOT:
|
|
Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
|
|
(void) ber_skip_tag( ber, &len );
|
|
- err = get_filter( op, ber, &f.f_not, text );
|
|
+ err = get_filter0( op, ber, &f.f_not, text, depth+1 );
|
|
if ( err != LDAP_SUCCESS ) {
|
|
break;
|
|
}
|
|
@@ -311,10 +322,22 @@ get_filter(
|
|
return( err );
|
|
}
|
|
|
|
+int
|
|
+get_filter(
|
|
+ Operation *op,
|
|
+ BerElement *ber,
|
|
+ Filter **filt,
|
|
+ const char **text )
|
|
+{
|
|
+ return get_filter0( op, ber, filt, text, 0 );
|
|
+}
|
|
+
|
|
+
|
|
static int
|
|
get_filter_list( Operation *op, BerElement *ber,
|
|
Filter **f,
|
|
- const char **text )
|
|
+ const char **text,
|
|
+ int depth )
|
|
{
|
|
Filter **new;
|
|
int err;
|
|
@@ -328,7 +351,7 @@ get_filter_list( Operation *op, BerElement *ber,
|
|
tag != LBER_DEFAULT;
|
|
tag = ber_next_element( ber, &len, last ) )
|
|
{
|
|
- err = get_filter( op, ber, new, text );
|
|
+ err = get_filter0( op, ber, new, text, depth );
|
|
if ( err != LDAP_SUCCESS )
|
|
return( err );
|
|
new = &(*new)->f_next;
|
|
--
|
|
2.26.2
|
|
|