Ticket #47605 CVE-2013-4485: DoS due to improper handling of ger attr searches
https://fedorahosted.org/389/ticket/47605
Reviewed by: nhosoi (Thanks!)
Branch: 389-ds-base-1.3.1
Fix Description: The traversal of the attr list looking for GER objectclasses
was modifying the same attribute twice, removing the "@" from it. The second
time, since there was no "@" in the string, the strchr would return NULL, and
the code would not check for it.
The code was simplified and rewritten to use charray_merge_nodup
to build the gerattrs list with unique objectclass values, which I believe was
the intention of the original code. I also added some error checking to look
for invalid attributes like "@name", "name@", and "name@name@name".
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit 7e03702932546e74f0044d11832e7e7e395cbb36)
(cherry picked from commit 12e54af6982ab5406f4bba6a02dd0724a0415501)
(cherry picked from commit 8c5e74b291d08c66e0afbf766f77f955725b9bf4)
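
The checks the fix description names, as an added example (not the 389-ds-base code and not part of the commit): the sketch below classifies each requested attribute without modifying it and collects each objectclass once. The function names, return codes and caller-supplied output array are assumptions made for illustration; the commit itself uses charray_merge_nodup.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Hypothetical helper, not 389-ds code. Classify one requested attribute
 * without modifying it:
 *   0  plain attribute, no '@'
 *   1  "attr@objectclass"; *oc points at the objectclass part
 *  -1  malformed: "@name", "name@" or more than one '@' */
int ger_split_attr(const char *spec, const char **oc)
{
    const char *at;

    *oc = NULL;
    if (spec == NULL || *spec == '\0')
        return -1;
    at = strchr(spec, '@');
    if (at == NULL)               /* strchr found no '@': must be handled */
        return 0;
    if (at == spec || at[1] == '\0' || strchr(at + 1, '@') != NULL)
        return -1;
    *oc = at + 1;
    return 1;
}

/* Collect each objectclass once (case-insensitive) from a NULL-terminated
 * attribute list. Returns the count stored in out[], or -1 if any entry is
 * malformed or out[] is too small. The input strings are left untouched, so
 * a repeated entry is parsed the same way every time. */
int ger_collect_objectclasses(const char *const *attrs,
                              const char **out, size_t out_max)
{
    size_t n = 0, i, j;

    for (i = 0; attrs != NULL && attrs[i] != NULL; i++) {
        const char *oc;
        int rc = ger_split_attr(attrs[i], &oc);

        if (rc < 0)
            return -1;
        if (rc == 0)
            continue;
        for (j = 0; j < n && strcasecmp(out[j], oc) != 0; j++)
            ;
        if (j < n)
            continue;             /* duplicate objectclass */
        if (n == out_max)
            return -1;
        out[n++] = oc;
    }
    return (int)n;
}
```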