ldap/servers/plugins/acl/acllas.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
New commits:
commit 1bbbb3e5049c1aa0650546efab87ed2f1ea59637
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Thu Jan 5 16:49:10 2012 -0700
Ticket #162 - Infinite loop / spin inside strcmpi_fast,
acl_read_access_allowed_on_attr, server DoS
https://fedorahosted.org/389/ticket/162
Resolves: ticket 162
Bug Description: Infinite loop / spin inside strcmpi_fast,
acl_read_access_allowed_on_attr, server DoS
Reviewed by: nhosoi (Thanks!)
Branch: master
Fix Description: Cannot use continue - have to go to the end of the loop and
get the next attribute - added a label for nextattr and use goto nextattr
instead of continue.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
diff --git a/ldap/servers/plugins/acl/acllas.c b/ldap/servers/plugins/acl/acllas.c
index 4a82717..b838bc5 100644
--- a/ldap/servers/plugins/acl/acllas.c
+++ b/ldap/servers/plugins/acl/acllas.c
@@ -2450,7 +2450,9 @@ acllas__handle_group_entry (Slapi_Entry* e, void *callback_data)
} else if (strcasecmp ( attrType, type_memberURL) == 0) {
char *memberURL, *savURL;
- if (!info->userDN) continue;
+ if (!info->userDN) {
+ goto nextattr; /* cannot evaulate memberURL with no userDN - go to next group
attribute */
+ }
i= slapi_attr_first_value ( currAttr,&sval );
while ( i != -1 ) {
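Review bot: The new `if (!info->userDN)` branch skips the memberURL attribute silently, while the memberCert branch in the next hunk logs "Client Cert missing" before it jumps to `nextattr`. A matching ACL-level message, for example `slapi_log_error( SLAPI_LOG_ACL, plugin_name, " acllas__handle_group_entry:userDN missing\n" );`, would show in the ACL log why a memberURL group was not evaluated. The comment added here and the one added before `goto nextattr` in the memberCert branch both spell "evaulate" for "evaluate". The body of acllas__handle_group_entry starts and ends outside this hunk.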
@@ -2487,13 +2489,14 @@ acllas__handle_group_entry (Slapi_Entry* e, void *callback_data)
}
i = slapi_attr_next_value ( currAttr, i, &sval );
}
- /* Evaluate Fortezza groups */
+ /* Evaluate Certificate groups */
} else if ((strcasecmp (attrType, type_memberCert) == 0) ) {
/* Do we have the certificate around */
if (!info->clientCert) {
slapi_log_error( SLAPI_LOG_ACL, plugin_name,
" acllas__handle_group_entry:Client Cert missing\n" );
- continue;
+ /* cannot evaulate cert membership without cert - go to next attribute */
+ goto nextattr;
}
i = slapi_attr_first_value ( currAttr,&sval );
while ( i != -1 ) {
@@ -2507,7 +2510,8 @@ acllas__handle_group_entry (Slapi_Entry* e, void *callback_data)
i = slapi_attr_next_value ( currAttr, i, &sval );
}
}
-
+
+nextattr:
attrType = NULL;
/* get the next attr */
slapi_entry_next_attr ( e, currAttr, &nextAttr );
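Review bot: The `nextattr:` label carries no comment saying that it is the only safe way to skip an attribute, so a later edit could reintroduce a bare `continue` and with it the spin described in ticket 162. I would put a comment directly above the label, such as `/* every path that skips an attribute must jump here: continue would bypass slapi_entry_next_attr and retry the same attribute forever */`. The loop head and the other attribute branches are outside these hunks, so it is worth confirming that no other `continue` remains inside this loop. If the loop structure allows it, advancing to the next attribute in one place at the loop head would remove the hazard rather than document it.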