Issue 4379 - allow more than 1 empty AttributeDescription for ldapsea…

…rch, without the risk of denial of service (#4380) Bug description: The fix #3028 enforces a strict limit of empty attributeDescription. The limit is low (1) and some application may failing. We can relax this limit to a higher value without reopening DOS risk Fix description: Change the max authorized empty attributesDescription from 1 to 10 relates: #4379 Reviewed by: Mark Reynolds Platforms tested: F31
389ds · Oct 20, 2020 · 9faf2d7 · 9faf2d7
1 parent 22d6739
commit 9faf2d7
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/ldap/servers/slapd/search.c b/ldap/servers/slapd/search.c
@@ -229,7 +229,7 @@ do_search(Slapi_PBlock *pb)
 
             if ( attrs[i][0] == '\0') {
                 empty_attrs++;
-                if (empty_attrs > 1) {
+                if (empty_attrs > 10) {
                     log_search_access(pb, base, scope, fstr, "invalid attribute request");
                     send_ldap_result(pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0, NULL);
                     slapi_ch_free_string(&normaci);