Author: nhosoi

Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/acl In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26906/plugins/acl

Modified Files: acl.c Log Message: Resoves: #448831 Summary: attacker can tie up CPU in regex code Description: when substring search is requested, sets the time limit based upon the nsslapd-timelimit value. Pass the timelimit (time_up) to the regular expression function. When the time is up, it returns the "Timelimit exceeded" error. Note: timelimit is applied non-Directory Manager users.

Index: acl.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/acl/acl.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- acl.c 18 Oct 2007 00:08:27 -0000 1.10 +++ acl.c 30 Jun 2008 17:28:16 -0000 1.11 @@ -3253,7 +3253,7 @@ ** matching, it seems that step() is leaking 1036 bytes/search ** I couldn't figure out why it's leaking. */ - rc = slapd_re_exec( realval ); + rc = slapd_re_exec( realval, -1 /* no timelimit */ );

slapd_re_unlock();