From bdb1af66c0026d65e0529ce42025409beb34b6d2 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Oct 10 2018 13:26:41 +0000
Subject: Ticket 49969 - DOS caused by malformed search operation (part 2)


Description:  Fix regression that casued a crash

https://pagure.io/389-ds-base/issue/49969

---

diff --git a/ldap/servers/slapd/search.c b/ldap/servers/slapd/search.c
index dc26fc4..7e253f5 100644
--- a/ldap/servers/slapd/search.c
+++ b/ldap/servers/slapd/search.c
@@ -210,6 +210,7 @@ do_search(Slapi_PBlock *pb)
         char *normaci = slapi_attr_syntax_normalize("aci");
         int replace_aci = 0;
         int attr_count = 0;
+        int empty_attrs = 0;
         if (!normaci) {
             normaci = slapi_ch_strdup("aci");
         } else if (strcasecmp(normaci, "aci")) {
@@ -226,10 +227,13 @@ do_search(Slapi_PBlock *pb)
             attr_count++;
 
             if ( attrs[i][0] == '\0') {
-                log_search_access(pb, base, scope, fstr, "invalid attribute request");
-                send_ldap_result(pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0, NULL);
-                slapi_ch_free_string(&normaci);
-                goto free_and_return;
+                empty_attrs++;
+                if (empty_attrs > 1) {
+                    log_search_access(pb, base, scope, fstr, "invalid attribute request");
+                    send_ldap_result(pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0, NULL);
+                    slapi_ch_free_string(&normaci);
+                    goto free_and_return;
+                }
             }
 
             /* check if @<objectclass> is included */