From: Howard Chu <hyc@openldap.org>
Date: Wed, 17 Jul 2019 09:17:43 +0000 (+0100)
Subject: ITS#7657 honor unchecked limit
X-Git-Tag: OPENLDAP_REL_ENG_2_4_49~67
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=121bb30e9588de9e8e7301aea24412ab50bb1626;p=thirdparty%2Fopenldap.git

ITS#7657 honor unchecked limit
---

diff --git a/servers/slapd/back-mdb/search.c b/servers/slapd/back-mdb/search.c
index 62249afab5..00ae50785e 100644
--- a/servers/slapd/back-mdb/search.c
+++ b/servers/slapd/back-mdb/search.c
@@ -161,6 +161,12 @@ static int search_aliases(
 	if (rs->sr_err != LDAP_SUCCESS || MDB_IDL_IS_ZERO( aliases )) {
 		return rs->sr_err;
 	}
+	if ( op->ors_limit	/* isroot == FALSE */ &&
+		op->ors_limit->lms_s_unchecked != -1 &&
+		MDB_IDL_N( aliases ) > (unsigned) op->ors_limit->lms_s_unchecked )
+	{
+		return LDAP_ADMINLIMIT_EXCEEDED;
+	}
 	oldsubs[0] = 1;
 	oldsubs[1] = e_id;
 
@@ -665,6 +671,10 @@ dn2entry_retry:
 		scopes[1].mval.mv_data = NULL;
 		rs->sr_err = search_candidates( op, rs, base,
 			&isc, mci, candidates, stack );
+
+		if ( rs->sr_err == LDAP_ADMINLIMIT_EXCEEDED )
+			goto adminlimit;
+
 		ncand = MDB_IDL_N( candidates );
 		if ( !base->e_id || ncand == NOID ) {
 			/* grab entry count from id2entry stat
@@ -696,6 +706,7 @@ dn2entry_retry:
 		ncand > (unsigned) op->ors_limit->lms_s_unchecked )
 	{
 		rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
+adminlimit:
 		send_ldap_result( op, rs );
 		rs->sr_err = LDAP_SUCCESS;
 		goto done;