From e113e18bb6da3544aa052c437537a35d8eb61aae Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati
Date: Sun, 11 Dec 2005 23:39:09 +0000
Subject: [PATCH] more about sizelimit disclose issue in back-meta (ITS#4213)

---
 servers/slapd/back-meta/search.c | 2 +-
 tests/data/meta.out | 26 +++++++++++++++++++
 tests/data/slapd-meta.conf | 2 ++
 tests/scripts/test035-meta | 44 ++++++++++++++++++++++++++++++++
 4 files changed, 73 insertions(+), 1 deletion(-)

diff --git a/servers/slapd/back-meta/search.c b/servers/slapd/back-meta/search.c
index 08f61b904d..f1f8bc2d97 100644
--- a/servers/slapd/back-meta/search.c
+++ b/servers/slapd/back-meta/search.c
@@ -453,7 +453,7 @@ really_bad:;
 ldap_msgfree( res );
 res = NULL;
 
- switch ( rc ) {
+ switch ( rs->sr_err ) {
 case LDAP_SIZELIMIT_EXCEEDED:
 savepriv = op->o_private;
 op->o_private = (void *)i;
diff --git a/tests/data/meta.out b/tests/data/meta.out
index 4826865aa7..c6aeffe5cb 100644
--- a/tests/data/meta.out
+++ b/tests/data/meta.out
@@ -1442,3 +1442,29 @@ member: cn=Another Added Group,ou=Groups,o=Example,c=US
 
 # refldap://localhost:9016/cn=Somewhere,ou=Meta,dc=example,dc=com??sub
 
+# Checking server-enforced size limit...
+Size limit exceeded (4)
+dn: ou=Alumni Association,ou=People,o=Example,c=US
+
+dn: cn=Dan Aykroyd,ou=Meta,o=Example,c=US
+
+dn: o=Example,c=US
+
+dn: ou=Groups,o=Example,c=US
+
+dn: cn=John Belushi,ou=Meta,o=Example,c=US
+
+dn: ou=Meta,o=Example,c=US
+
+dn: ou=People,o=Example,c=US
+
+dn: ou=Same as above,ou=Meta,o=Example,c=US
+
+# refldap://localhost:9016/cn=Somewhere,ou=Meta,dc=example,dc=com??sub
+
+# Checking client-requested size limit...
+Size limit exceeded (4)
+dn: o=Example,c=US
+
+dn: ou=Meta,o=Example,c=US
+
diff --git a/tests/data/slapd-meta.conf b/tests/data/slapd-meta.conf
index e92ac94655..41db0433a2 100644
--- a/tests/data/slapd-meta.conf
+++ b/tests/data/slapd-meta.conf
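Review bot: The switch after `really_bad:` now dispatches on `rs->sr_err`, but nothing in the hunk shows that `rs->sr_err` is assigned on every path that reaches this point; the code between the label and `ldap_msgfree( res )` lies outside the hunk. If any path can arrive here with a stale value, the `LDAP_SIZELIMIT_EXCEEDED` case would be skipped or taken for the wrong target, and that case is the size-limit handling this commit is meant to fix. A short comment above the switch, for example `/* dispatch on the parsed LDAP result code, not on rc */`, would record why `rc` was the wrong operand and guard against it being changed back. The switch body continues past the last context line of the hunk.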
@@ -59,4 +59,6 @@ suffixmassage "o=Example,c=US" "dc=example,dc=com"
 pseudorootdn "cn=manager,dc=example,dc=com"
 pseudorootpw secret
 
+limits dn.exact="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=Example,c=US" time=1 size=8
+
 #monitor#database monitor
diff --git a/tests/scripts/test035-meta b/tests/scripts/test035-meta
index f66d5cc984..30075cea84 100755
--- a/tests/scripts/test035-meta
+++ b/tests/scripts/test035-meta
@@ -471,6 +471,50 @@ case $RC in
 ;;
 esac
 
+echo "Checking server-enforced size limit..."
+echo "# Checking server-enforced size limit..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 \
+ -D "cn=Bjorn Jensen,ou=Information Technology Division,ou=People,$BASEDN" -w bjorn \
+ -b "$BASEDN" "(objectClass=*)" 1.1 \
+ >> $SEARCHOUT 2>&1
+RC=$?
+case $RC in
+ 0)
+ echo "Search should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+ ;;
+ 4)
+ ;;
+ *)
+ echo "Search failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
+echo "Checking client-requested size limit..."
+echo "# Checking client-requested size limit..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -h $LOCALHOST -p $PORT3 \
+ -D "cn=Bjorn Jensen,ou=Information Technology Division,ou=People,$BASEDN" -w bjorn \
+ -b "$BASEDN" -z 2 "(objectClass=*)" 1.1 \
+ >> $SEARCHOUT 2>&1
+RC=$?
+case $RC in
+ 0)
+ echo "Search should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit -1
+ ;;
+ 4)
+ ;;
+ *)
+ echo "Search failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+ ;;
+esac
+
 echo "Filtering ldapsearch results..."
 . $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
 echo "Filtering original ldif used to create database..."
-- 
2.39.5
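Review bot: The added `limits` line sets `time=1` together with `size=8` for the Bjorn Jensen identity, while the new checks in test035-meta accept only exit code 4 (size limit exceeded). On a slow or loaded host the one-second time limit could plausibly trip first and return a time-limit error, which the script would then report as a failure unrelated to the size-limit behaviour under test. If the time limit is not part of what this regression test covers, leave it out, as in `limits dn.exact="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=Example,c=US" size=8`. A one-line comment above the directive naming ITS#4213 would also tell later readers why this identity has its own limit.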
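Review bot: Both added `case $RC in` blocks end their `0)` branch with `exit -1`, which is not a portable exit status: POSIX `exit` takes an unsigned value, and some `/bin/sh` implementations reject the negative operand with an error instead of exiting with 255. `exit 1` reports the same failure portably. The same branches run `test $KILLSERVERS != no` with the variable unquoted, so an empty value makes `test` fail with a syntax error rather than compare; `test "$KILLSERVERS" != no` avoids that. The two blocks differ only in `-z 2` and the message text, so a small helper taking the extra ldapsearch arguments would keep the expected-code check for `4` in one place.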