From 5b2bacde1d7561f28dd20cc965d641fbff558bc2 Mon Sep 17 00:00:00 2001
From: Valera V Harseko <vharseko@3a-systems.ru>
Date: Fri, 17 Jul 2026 11:13:11 +0000
Subject: [PATCH] CVE-2026-62366 Unauthenticated stack exhaustion when decoding an LDAP search filter (DoS)

---
 opendj-server-legacy/src/main/java/org/opends/server/protocols/ldap/LDAPRequestHandler.java |   11 +++++++++++
 1 files changed, 11 insertions(+), 0 deletions(-)

diff --git a/opendj-server-legacy/src/main/java/org/opends/server/protocols/ldap/LDAPRequestHandler.java b/opendj-server-legacy/src/main/java/org/opends/server/protocols/ldap/LDAPRequestHandler.java
index 648be08..b1c394f 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/protocols/ldap/LDAPRequestHandler.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/protocols/ldap/LDAPRequestHandler.java
@@ -13,6 +13,7 @@
  *
  * Copyright 2006-2010 Sun Microsystems, Inc.
  * Portions Copyright 2014-2016 ForgeRock AS.
+ * Portions Copyright 2026 3A Systems, LLC
  */
 package org.opends.server.protocols.ldap;
 
@@ -192,6 +193,16 @@
           readyConnection.disconnect(DisconnectReason.PROTOCOL_ERROR, true,
             e.getMessageObject());
         }
+        catch (StackOverflowError e)
+        {
+          // Defense in depth for over-nested protocol elements (e.g. search
+          // filters - GHSA-rv4q-c6mr-wxp7). A StackOverflowError is an Error,
+          // not an Exception, so without this it would escape and kill the
+          // shared request-handler thread. Drop only the offending connection.
+          logger.traceException(e);
+          readyConnection.disconnect(DisconnectReason.PROTOCOL_ERROR, true,
+            LocalizableMessage.raw(e.toString()));
+        }
         catch (Exception e)
         {
           logger.traceException(e);

--
Gitblit v1.10.0