dab9848 Bug 1024552 DoS due to improper handling of ger attr searches

Authored and Committed by rmeggins 10 years ago
    Bug 1024552 DoS due to improper handling of ger attr searches
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1024552
    Reviewed by: nhosoi (Thanks!)
    Branch: master
    Fix Description: The traversal of the attr list looking for GER objectclasses
    was modifying the same attribute twice, removing the "@" from it.  The second
    time, since there was no "@" in the string, the strchr would return NULL, and
    the code would not check for it.
    The code was simplified and rewritten to use charray_merge_nodup
    to build the gerattrs list with unique objectclass values, which I believe was
    the intention of the original code.  I also added some error checking to look
    for invalid attributes like "@name", "name@" and "name@name@name".
    Platforms tested: RHEL6 x86_64
    Flag Day: no
    Doc impact: no
    (cherry picked from commit 3a1ce9e326d9788be233f7edd9d7bad20efb9690)
    (cherry picked from commit 47f1769dbd1618d0385fb3e5441219f9c280486b)
    
        
file modified
+16 -63
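
The checks described in the fix description, sketched as an added example; this is not the code from this commit or from the project. The helper names `ger_split_attr` and `ger_collect_objectclasses` are hypothetical, the sample attribute list is constructed, and a plain `strcmp` de-duplication stands in for `charray_merge_nodup`.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: classify one requested attribute without modifying it.
 * Returns  0 for a plain attribute (no '@'; *oc is set to NULL),
 *          1 for "attr@objectclass" (*oc points at the objectclass part),
 *         -1 for malformed input: "@name", "name@", "name@name@name". */
int ger_split_attr(const char *attr, const char **oc)
{
    const char *at = strchr(attr, '@');
    *oc = NULL;
    if (at == NULL)
        return 0;   /* strchr found no '@': this result must be checked */
    if (at == attr || at[1] == '\0' || strchr(at + 1, '@') != NULL)
        return -1;
    *oc = at + 1;
    return 1;
}

/* Collect unique objectclass names from a NULL-terminated attrs[] into out[].
 * The input strings are left intact, so visiting an entry twice is harmless.
 * Returns the number collected, or -1 on the first malformed attribute. */
int ger_collect_objectclasses(const char *const *attrs, const char **out, int max)
{
    int n = 0;
    for (int i = 0; attrs[i] != NULL; i++) {
        const char *oc;
        int rc = ger_split_attr(attrs[i], &oc);
        if (rc < 0)
            return -1;
        if (rc == 0)
            continue;
        int dup = 0;
        for (int j = 0; j < n; j++)
            if (strcmp(out[j], oc) == 0) { dup = 1; break; }
        if (!dup && n < max)
            out[n++] = oc;
    }
    return n;
}

int main(void)
{
    /* Constructed sample request, not taken from the bug report. */
    const char *attrs[] = { "cn", "cn@person", "sn@person", "uid@account", NULL };
    const char *out[4];
    int n = ger_collect_objectclasses(attrs, out, 4);
    for (int i = 0; i < n; i++)
        printf("objectclass: %s\n", out[i]);
    return n < 0;
}
```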