From 9e4defbd62eee152ac4dc520e1f0923add7ed18f Mon Sep 17 00:00:00 2001
From: tbordaz <tbordaz@redhat.com>
Date: Wed, 30 Mar 2022 18:07:23 +0200
Subject: [PATCH] CVE-2022-0918 - Craft message may crash the server (#5243) -
 Issue 5242

Bug description:
	A craft request can result in DoS

Fix description:
	If the server fails to decode the ber value
	then return an Error

relates: 5242

Reviewed by: Pierre Rogier, Mark Reynolds (thanks !)

Platforms tested:  F34

Origin: upstream, commit:caad47ab207d7c5d61521ec4d33091db559c315a

Gbp-Pq: Name CVE-2022-0918-Craft-message-may-crash-the-server.patch
---
 ldap/servers/slapd/filter.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/ldap/servers/slapd/filter.c b/ldap/servers/slapd/filter.c
index 40f11c2..dd3ce03 100644
--- a/ldap/servers/slapd/filter.c
+++ b/ldap/servers/slapd/filter.c
@@ -647,8 +647,14 @@ get_extensible_filter(BerElement *ber, mr_filter_t *mrf)
         }
     }
 
-    if ((tag != LBER_ERROR) && (len != -1)) {
-        goto parsing_error;
+    if (tag == LBER_ERROR) {
+        if (len == -1) {
+            /* means that the ber sequence ended without  LBER_END_OF_SEQORSET tag
+             * and it is considered as valid to ensure compatibility with open ldap.
+             */
+        } else {
+            goto parsing_error;
+        }
     }
 
     slapi_log_err(SLAPI_LOG_FILTER, "get_extensible_filter", "<= %i\n", rc);
-- 
2.30.2