Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Craft message may crash the server #5242

Closed
tbordaz opened this issue Mar 30, 2022 · 1 comment
Closed

Craft message may crash the server #5242

tbordaz opened this issue Mar 30, 2022 · 1 comment
Assignees
Labels
easy fix Fix is easy priority_high need urgent fix / highly valuable / easy to fix
Milestone

Comments

@tbordaz
Copy link
Contributor

tbordaz commented Mar 30, 2022

Issue Description
A request containing craft parameters may crash a server

Package Version and Platform:
all versions

Steps to Reproduce

Expected results
should not crash

@tbordaz tbordaz added easy fix Fix is easy priority_high need urgent fix / highly valuable / easy to fix labels Mar 30, 2022
@tbordaz tbordaz self-assigned this Mar 30, 2022
@tbordaz tbordaz added this to the 1.3.10 milestone Mar 30, 2022
@tbordaz
Copy link
Contributor Author

tbordaz commented Mar 30, 2022

9b6882e..caad47a master
dc3f6a3..b7f8910 389-ds-base-2.1
f9903a0..f46ab49 389-ds-base-2.0
6c948d0..b12c722 389-ds-base-1.4.4
3ae8687..3fcd3b1 389-ds-base-1.4.3
1e0a3e0..1699872 389-ds-base-1.3.10

@tbordaz tbordaz closed this as completed Mar 30, 2022
tbordaz added a commit to tbordaz/389-ds-base that referenced this issue Mar 30, 2022
Bug description:
	A craft request can result in DoS

Fix description:
	If the server fails to decode the ber value
	then return an Error

relates: 389ds#5242

Reviewed by: Pierre Rogier, Mark Reynolds (thanks !)

Platforms tested:  F34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
easy fix Fix is easy priority_high need urgent fix / highly valuable / easy to fix
Projects
None yet
Development

No branches or pull requests

1 participant