I have made a patch for this problem.
https://gist.github.com/akagisho/0d0d148c94616b84a513
2011-03-10 2:37 GMT+09:00 Howard Chu <hyc@symas.com>:
atze_80@web.de wrote:
Can confirm this with openldap 2.4.24.
Thanks, the bug was already confirmed.
Using ldap search filters like this:
(cn=blabla' or '1'='1)
is at least causing my postgres to eat all CPU cycles it can get (LDAP data is based on a complex view). I do not have write access enabled for that particular openLDAP installation, but I also assume that SQL Injection is possible. Besides being an obvious malfunction, this should be considered a security issue.
As the bug status says, "patches welcome." back-sql is not a priority for any of the core developers.
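
The filter quoted in the report above, run through a string-concatenating filter-to-SQL translation and through a bound-parameter one. This is an added example, not part of the original thread and not back-sql's code or the linked patch. The `persons` table, the function names, the single-equality filter parser and the use of SQLite in place of PostgreSQL are all assumptions made for illustration.

```python
import re
import sqlite3

# Constructed sample directory table; back-sql's real schema and queries differ.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE persons (id INTEGER PRIMARY KEY, cn TEXT)")
    db.executemany("INSERT INTO persons (cn) VALUES (?)",
                   [("alice",), ("bob",), ("carol",)])
    return db

# Hypothetical minimal parser: handles only a single "(attr=value)" equality filter.
FILTER_RE = re.compile(r"^\((\w+)=(.*)\)$", re.S)
ALLOWED_COLUMNS = {"cn": "cn"}  # LDAP attribute -> SQL column allow-list

def parse_equality_filter(ldap_filter):
    m = FILTER_RE.match(ldap_filter)
    if not m or m.group(1) not in ALLOWED_COLUMNS:
        raise ValueError("unsupported filter")
    return ALLOWED_COLUMNS[m.group(1)], m.group(2)

def search_concat(db, ldap_filter):
    """Vulnerable: the assertion value is pasted into the SQL string literal."""
    col, value = parse_equality_filter(ldap_filter)
    sql = "SELECT cn FROM persons WHERE %s = '%s' ORDER BY id" % (col, value)
    return [r[0] for r in db.execute(sql)]

def search_bound(db, ldap_filter):
    """Hardened: the value is passed as a bound parameter, never parsed as SQL."""
    col, value = parse_equality_filter(ldap_filter)
    sql = "SELECT cn FROM persons WHERE %s = ? ORDER BY id" % col
    return [r[0] for r in db.execute(sql, (value,))]

if __name__ == "__main__":
    db = make_db()
    reported = "(cn=blabla' or '1'='1)"  # filter quoted in the report above
    print(search_concat(db, reported))   # every row comes back
    print(search_bound(db, reported))    # no row has that literal cn
```

With the concatenating version the quote in the assertion value closes the SQL literal and the rest of the value becomes part of the WHERE clause, which is why a read-only directory can still be made to scan the whole underlying view.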