New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
allow more than 1 empty AttributeDescription for ldapsearch, without the risk of denial of service #4379
Comments
tbordaz
added a commit
to tbordaz/389-ds-base
that referenced
this issue
Oct 15, 2020
…rch, without the risk of denial of service Bug description: The fix 389ds#3028 enforces a strict limit of empty attributeDescription. The limit is low (1) and some application may failing. We can relax this limit to a higher value without reopening DOS risk Fix description: Change the max authorized empty attributesDescription from 1 to 10 relates: 389ds#4379 Reviewed by: Mark Reynolds Platforms tested: F31
tbordaz
added a commit
that referenced
this issue
Oct 15, 2020
…rch, without the risk of denial of service (#4380) Bug description: The fix #3028 enforces a strict limit of empty attributeDescription. The limit is low (1) and some application may failing. We can relax this limit to a higher value without reopening DOS risk Fix description: Change the max authorized empty attributesDescription from 1 to 10 relates: #4379 Reviewed by: Mark Reynolds Platforms tested: F31
tbordaz
added a commit
that referenced
this issue
Oct 20, 2020
…rch, without the risk of denial of service (#4380) Bug description: The fix #3028 enforces a strict limit of empty attributeDescription. The limit is low (1) and some application may failing. We can relax this limit to a higher value without reopening DOS risk Fix description: Change the max authorized empty attributesDescription from 1 to 10 relates: #4379 Reviewed by: Mark Reynolds Platforms tested: F31
tbordaz
added a commit
that referenced
this issue
Oct 20, 2020
…rch, without the risk of denial of service (#4380) Bug description: The fix #3028 enforces a strict limit of empty attributeDescription. The limit is low (1) and some application may failing. We can relax this limit to a higher value without reopening DOS risk Fix description: Change the max authorized empty attributesDescription from 1 to 10 relates: #4379 Reviewed by: Mark Reynolds Platforms tested: F31
tbordaz
added a commit
that referenced
this issue
Oct 20, 2020
…rch, without the risk of denial of service (#4380) Bug description: The fix #3028 enforces a strict limit of empty attributeDescription. The limit is low (1) and some application may failing. We can relax this limit to a higher value without reopening DOS risk Fix description: Change the max authorized empty attributesDescription from 1 to 10 relates: #4379 Reviewed by: Mark Reynolds Platforms tested: F31
tbordaz
added
easy fix
Fix is easy
and removed
needs triage
The issue will be triaged during scrum
labels
Oct 20, 2020
aadhikar
added a commit
to aadhikar/389-ds-base
that referenced
this issue
Jun 2, 2021
…rch, without the risk of denial of service Desciption: Added a test case to verify up to 10 empty values and a negative case to check max limit. Relates: 389ds#4379 Reviewed by: @bsimonova, @droideck (Thanks!)
aadhikar
added a commit
to aadhikar/389-ds-base
that referenced
this issue
Jun 2, 2021
…rch, without the risk of denial of service Description: Added a test case to verify up to 10 empty values and a negative case to check max limit. Relates: 389ds#4379 Reviewed by: @vashirov, @bsimonova, @droideck (Thanks!)
bsimonova
pushed a commit
that referenced
this issue
Jun 2, 2021
…rch, without the risk of denial of service Desciption: Added a test case to verify up to 10 empty values and a negative case to check max limit. Relates: #4379 Reviewed by: @bsimonova, @droideck (Thanks!)
bsimonova
pushed a commit
that referenced
this issue
Jun 2, 2021
…rch, without the risk of denial of service Description: Added a test case to verify up to 10 empty values and a negative case to check max limit. Relates: #4379 Reviewed by: @vashirov, @bsimonova, @droideck (Thanks!)
@tbordaz by just looking at it I think it's failing because we changed the filter function to have one more argument that is |
@aadhikar your eyes are much better than mine. Thanks for spotting this. I will test a fix. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Issue Description
#3028 enforce a strict limit of empty attributeDescription.
This is good but the limit is so low that some application may start failing
This bug is to extend a bit that limit so that application wont break
Package Version and Platform:
Steps to Reproduce
ldapsearch -LLL.... -b 'dc=example,dc=com' "" "" cn
Protocol error (2)
Expected results
It should succeed up to 10 empty attributes
The text was updated successfully, but these errors were encountered: