From: tbordaz <tbordaz@redhat.com>
Date: Wed, 30 Mar 2022 16:07:23 +0000 (+0200)
Subject: CVE-2022-0918 - Craft message may crash the server (#5243) - Issue 5242
X-Git-Tag: archive/raspbian/1.4.4.11-2+rpi1+deb11u1^2~4
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=9e4defbd62eee152ac4dc520e1f0923add7ed18f;p=389-ds-base.git

CVE-2022-0918 - Craft message may crash the server (#5243) - Issue 5242

Bug description:
	A craft request can result in DoS

Fix description:
	If the server fails to decode the ber value
	then return an Error

relates: 5242

Reviewed by: Pierre Rogier, Mark Reynolds (thanks !)

Platforms tested:  F34

Origin: upstream, commit:caad47ab207d7c5d61521ec4d33091db559c315a

Gbp-Pq: Name CVE-2022-0918-Craft-message-may-crash-the-server.patch
---

diff --git a/ldap/servers/slapd/filter.c b/ldap/servers/slapd/filter.c
index 40f11c2..dd3ce03 100644
--- a/ldap/servers/slapd/filter.c
+++ b/ldap/servers/slapd/filter.c
@@ -647,8 +647,14 @@ get_extensible_filter(BerElement *ber, mr_filter_t *mrf)
         }
     }
 
-    if ((tag != LBER_ERROR) && (len != -1)) {
-        goto parsing_error;
+    if (tag == LBER_ERROR) {
+        if (len == -1) {
+            /* means that the ber sequence ended without  LBER_END_OF_SEQORSET tag
+             * and it is considered as valid to ensure compatibility with open ldap.
+             */
+        } else {
+            goto parsing_error;
+        }
     }
 
     slapi_log_err(SLAPI_LOG_FILTER, "get_extensible_filter", "<= %i\n", rc);