From: Howard Chu <hyc@openldap.org>
Date: Wed, 17 Jul 2019 09:17:43 +0000 (+0100)
Subject: ITS#7657 honor unchecked limit
X-Git-Tag: OPENLDAP_REL_ENG_2_5_0ALPHA~67^2~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=92b03e82e0dd3e2c65f887c98dbd13dce1cb5dbe;p=thirdparty%2Fopenldap.git

ITS#7657 honor unchecked limit
---

diff --git a/servers/slapd/back-mdb/search.c b/servers/slapd/back-mdb/search.c
index 1bfd0bc29c..c659381e7b 100644
--- a/servers/slapd/back-mdb/search.c
+++ b/servers/slapd/back-mdb/search.c
@@ -161,6 +161,12 @@ static int search_aliases(
 	if (rs->sr_err != LDAP_SUCCESS || MDB_IDL_IS_ZERO( aliases )) {
 		return rs->sr_err;
 	}
+	if ( op->ors_limit	/* isroot == FALSE */ &&
+		op->ors_limit->lms_s_unchecked != -1 &&
+		MDB_IDL_N( aliases ) > (unsigned) op->ors_limit->lms_s_unchecked )
+	{
+		return LDAP_ADMINLIMIT_EXCEEDED;
+	}
 	oldsubs[0] = 1;
 	oldsubs[1] = e_id;
 
@@ -670,6 +676,10 @@ dn2entry_retry:
 		scopes[1].mval.mv_data = NULL;
 		rs->sr_err = search_candidates( op, rs, base,
 			&isc, mci, candidates, stack );
+
+		if ( rs->sr_err == LDAP_ADMINLIMIT_EXCEEDED )
+			goto adminlimit;
+
 		ncand = MDB_IDL_N( candidates );
 		if ( !base->e_id || ncand == NOID ) {
 			/* grab entry count from id2entry stat
@@ -700,6 +710,7 @@ dn2entry_retry:
 		ncand > (unsigned) op->ors_limit->lms_s_unchecked )
 	{
 		rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
+adminlimit:
 		send_ldap_result( op, rs );
 		rs->sr_err = LDAP_SUCCESS;
 		goto done;