a49bd03 Ticket 49969 - DOS caused by malformed search operation (security fix)
Bug Description: There are two issues here. The one is we don't close a
connection when an invalid unbind occurs. The other is a
search request passing 8MB of NULL bytes as search attributes
will keep one thread busy for a long time. The reason is
that the attr array is copied/normalized to the searchattrs in
the search operation and does this using charray_add() which
iterates through the array to determine the size of the array and
then allocate one element more. So this means we iterate 8
million times an array with a then average size of 4 million
elements.
Fix Description: We already have traversed the array once and know the size,
so we can allocate the needed size once and only copy the element.
In addition we check for the kind of degenerated attributes ""
as used in this test scenario. So the fix will reject invalid
attr lists and improve performance for valid ones.
Author: Ludwig Krispens <lkrispen@redhat.com>
https://pagure.io/389-ds-base/issue/49969
Reviewed by: tbordaz & mreynolds (Thanks!)
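
The copy pattern the commit message describes, sketched as an added example (this is not the 389-ds-base code; `naive_add`, `copy_attrs_quadratic`, `copy_attrs_linear` and `measure` are hypothetical names, and the input is constructed). It counts how many array slots each approach visits, and shows the single-pass version rejecting a `""` attribute.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static size_t walk_steps; /* array slots visited, so both copies can be compared */

/* Hypothetical model of the append: walk the NULL-terminated array for its length, then grow by one. */
static int naive_add(char ***a, char *s) {
    size_t n = 0;
    if (*a) for (; (*a)[n]; n++) walk_steps++;
    char **tmp = realloc(*a, (n + 2) * sizeof(char *));
    if (!tmp) return -1;
    tmp[n] = s; tmp[n + 1] = NULL; *a = tmp;
    return 0;
}

/* Quadratic copy: one length walk per attribute. */
char **copy_attrs_quadratic(char **attrs) {
    char **out = NULL;
    for (size_t i = 0; attrs[i]; i++)
        if (naive_add(&out, attrs[i]) != 0) { free(out); return NULL; }
    return out;
}

/* Linear copy: count once, reject "" entries, allocate once, copy pointers. */
char **copy_attrs_linear(char **attrs, int *rejected) {
    size_t n = 0;
    for (*rejected = 0; attrs[n]; n++) {
        walk_steps++;
        if (attrs[n][0] == '\0') { *rejected = 1; return NULL; }
    }
    char **out = malloc((n + 1) * sizeof(char *));
    if (out) memcpy(out, attrs, (n + 1) * sizeof(char *));
    return out;
}

/* Copy n constructed "cn" attributes and return how many slots were visited. */
size_t measure(size_t n, int linear) {
    int rej;
    char **in = calloc(n + 1, sizeof(char *));
    if (!in) return 0;
    for (size_t i = 0; i < n; i++) in[i] = "cn";
    walk_steps = 0;
    char **out = linear ? copy_attrs_linear(in, &rej) : copy_attrs_quadratic(in);
    free(out); free(in);
    return walk_steps;
}

int main(void) {
    printf("quadratic: %zu, linear: %zu\n", measure(20000, 0), measure(20000, 1));
    return 0;
}
```

The quadratic count grows as n(n-1)/2, which is the "8 million times an array of average size 4 million" cost in the bug description; the linear count is n.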