ea0578b Bug 1024552 DoS due to improper handling of ger attr searches

Authored and Committed by rmeggins 5 years ago
    Bug 1024552 DoS due to improper handling of ger attr searches
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1024552
    Reviewed by: nhosoi (Thanks!)
    Branch: master
    Fix Description: The traversal of the attr list looking for GER objectclasses
    was modifying the same attribute twice, removing the "@" from it.  The second
    time, since there was no "@" in the string, the strchr would return NULL, and
    the code would not check for it.
    The code was simplified and rewritten to use charray_merge_nodup
    to build the gerattrs list with unique objectclass values, which I believe was
    the intention of the original code.  I also added some error checking to look
    for invalid attributes like "@name" "name@" and "name@name@name".
    Platforms tested: RHEL6 x86_64
    Flag Day: no
    Doc impact: no
    (cherry picked from commit 3a1ce9e326d9788be233f7edd9d7bad20efb9690)
    (cherry picked from commit 47f1769dbd1618d0385fb3e5441219f9c280486b)
    
        
file modified
+16 -63
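
The handling the commit message describes, as an added example (this is not the 389-ds patch, whose diff is not shown on this page): each requested attribute is parsed without modifying it, a missing "@" is checked for, the three malformed forms named above are rejected, and unique objectclass values are collected. `parse_ger_attr`, `collect_ger_ocs`, `OC_MAX` and the sample list are hypothetical names and constructed data; comparison is case-sensitive for brevity.

```c
#include <stdio.h>
#include <string.h>

#define OC_MAX 64

/* Hypothetical helper: inspect "name@objectclass" without writing to attr.
 * Returns 0 for a plain attribute (no '@'), 1 for a valid GER spec
 * (*oc points at the objectclass part), -1 for a malformed spec. */
int parse_ger_attr(const char *attr, const char **oc)
{
    const char *at = strchr(attr, '@');
    if (at == NULL) return 0;              /* the NULL case that went unchecked */
    if (at == attr || at[1] == '\0' || strchr(at + 1, '@') != NULL)
        return -1;                         /* "@name", "name@", "name@name@name" */
    if (strlen(at + 1) >= OC_MAX) return -1;
    *oc = at + 1;
    return 1;
}

/* Collect unique objectclass values from a NULL-terminated attribute list.
 * Returns the number collected, or -1 on a malformed attribute or overflow. */
int collect_ger_ocs(const char *const *attrs, char ocs[][OC_MAX], int max)
{
    int n = 0;
    for (int i = 0; attrs[i] != NULL; i++) {
        const char *oc = NULL;
        int rc = parse_ger_attr(attrs[i], &oc);
        if (rc < 0) return -1;
        if (rc == 0) continue;
        int seen = 0;
        for (int j = 0; j < n; j++)
            if (strcmp(ocs[j], oc) == 0) { seen = 1; break; }
        if (seen) continue;                /* same attribute listed twice is harmless */
        if (n == max) return -1;
        strcpy(ocs[n++], oc);              /* length already bounded by OC_MAX */
    }
    return n;
}

/* Constructed sample: the same GER attribute appears twice in one request. */
static const char *const sample_attrs[] = {
    "cn@person", "sn", "cn@person", "uid@inetorgperson", NULL };
static char found[8][OC_MAX];

int main(void)
{
    int n = collect_ger_ocs(sample_attrs, found, 8);
    printf("unique objectclasses: %d\n", n);
    for (int i = 0; i < n; i++) printf("  %s\n", found[i]);
    return 0;
}
```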