CVE-2018-1089 389-ds-base: ns-slapd crash via large filter value in ldapsearch

[389-ds-bot]

Cloned from Pagure issue: https://pagure.io/389-ds-base/issue/49661

• Created at 2018-05-08 16:53:21 by mreynolds (@mreynolds389)
• Closed at 2018-05-08 17:06:58 as fixed
• Assigned to mreynolds (@mreynolds389)
• Associated bugzillas
  • https://bugzilla.redhat.com/show_bug.cgi?id=1559819

---

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1559819

It is possible to crash ns-slapd (and ipa-dnskeysyncd afterwards) with crafted ldapsearch query with very long filter value both as anonymous or authenticated user. The crash can be similarly triggered with a query via the FreeIPA API as an authenticated user.

[389-ds-bot]

Comment from mreynolds (@mreynolds389) at 2018-05-08 16:53:23

Metadata Update from @mreynolds389:

• Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1559819

[389-ds-bot]

Comment from mreynolds (@mreynolds389) at 2018-05-08 16:53:58

Metadata Update from @mreynolds389:

• Issue assigned to mreynolds389

[389-ds-bot]

Comment from mreynolds (@mreynolds389) at 2018-05-08 17:06:59

d77c7f0..9d8d096 master -> master

eb08d43..a589008 389-ds-base-1.3.8 -> 389-ds-base-1.3.8

8bdcfa4..056d75c 389-ds-base-1.3.7 -> 389-ds-base-1.3.7

99ba446..62ac4ec 389-ds-base-1.3.6 -> 389-ds-base-1.3.6

f4a76bb..2728983 389-ds-base-1.2.11 -> 389-ds-base-1.2.11

[389-ds-bot]

Comment from mreynolds (@mreynolds389) at 2018-05-08 17:07:00

Metadata Update from @mreynolds389:

• Custom field component adjusted to None
• Custom field origin adjusted to None
• Custom field reviewstatus adjusted to None
• Custom field type adjusted to None
• Custom field version adjusted to None
• Issue close_status updated to: fixed
• Issue set to the milestone: 1.2.11 (was: 0.0 NEEDS_TRIAGE)
• Issue status updated to: Closed (was: Open)