From 5b2bacde1d7561f28dd20cc965d641fbff558bc2 Mon Sep 17 00:00:00 2001
From: Valera V Harseko <vharseko@3a-systems.ru>
Date: Fri, 17 Jul 2026 11:13:11 +0000
Subject: [PATCH] CVE-2026-62366 Unauthenticated stack exhaustion when decoding an LDAP search filter (DoS)
---
opendj-server-legacy/src/main/java/org/opends/server/protocols/ldap/LDAPRequestHandler.java | 11 +++++++++++
1 files changed, 11 insertions(+), 0 deletions(-)
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/protocols/ldap/LDAPRequestHandler.java b/opendj-server-legacy/src/main/java/org/opends/server/protocols/ldap/LDAPRequestHandler.java
index 648be08..b1c394f 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/protocols/ldap/LDAPRequestHandler.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/protocols/ldap/LDAPRequestHandler.java
@@ -13,6 +13,7 @@
*
* Copyright 2006-2010 Sun Microsystems, Inc.
* Portions Copyright 2014-2016 ForgeRock AS.
+ * Portions Copyright 2026 3A Systems, LLC
*/
package org.opends.server.protocols.ldap;
@@ -192,6 +193,16 @@
readyConnection.disconnect(DisconnectReason.PROTOCOL_ERROR, true,
e.getMessageObject());
}
+ catch (StackOverflowError e)
+ {
+ // Defense in depth for over-nested protocol elements (e.g. search
+ // filters - GHSA-rv4q-c6mr-wxp7). A StackOverflowError is an Error,
+ // not an Exception, so without this it would escape and kill the
+ // shared request-handler thread. Drop only the offending connection.
+ logger.traceException(e);
+ readyConnection.disconnect(DisconnectReason.PROTOCOL_ERROR, true,
+ LocalizableMessage.raw(e.toString()));
+ }
catch (Exception e)
{
logger.traceException(e);
--
Gitblit v1.10.0