From: Arthur Schiwon Date: Wed, 25 Jan 2017 16:10:51 +0000 (+0100) Subject: Gracefully deny users or groups with too long DNs X-Git-Tag: v12.0.0beta1~627^2 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=03ae7b654f62a37cc3fd637ab4f971128163f22a;p=nextcloud-server.git Gracefully deny users or groups with too long DNs Signed-off-by: Arthur Schiwon
---
diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php
index cace64a7deb..9f6639c0db0 100644
--- a/apps/user_ldap/lib/Access.php
+++ b/apps/user_ldap/lib/Access.php
@@ -678,6 +678,9 @@ class Access extends LDAPUtility implements IUserTools {
 */
 public function cacheUserDisplayName($ocName, $displayName, $displayName2 = '') {
 $user = $this->userManager->get($ocName);
+ if($user === null) {
+ return;
+ }
 $displayName = $user->composeAndStoreDisplayName($displayName, $displayName2);
 $cacheKeyTrunk = 'getDisplayName';
 $this->connection->writeToCache($cacheKeyTrunk.$ocName, $displayName);
diff --git a/apps/user_ldap/lib/Mapping/AbstractMapping.php b/apps/user_ldap/lib/Mapping/AbstractMapping.php
index 8e7f1f8b137..6fb4a5436c3 100644
--- a/apps/user_ldap/lib/Mapping/AbstractMapping.php
+++ b/apps/user_ldap/lib/Mapping/AbstractMapping.php
@@ -209,6 +209,17 @@ abstract class AbstractMapping {
 * @return bool
 */
 public function map($fdn, $name, $uuid) {
+ if(mb_strlen($fdn) > 255) {
+ \OC::$server->getLogger()->error(
+ 'Cannot map, because the DN exceeds 255 characters: {dn}',
+ [
+ 'app' => 'user_ldap',
+ 'dn' => $fdn,
+ ]
+ );
+ return false;
+ }
+
 $row = array(
 'ldap_dn' => $fdn,
 'owncloud_name' => $name,
diff --git a/apps/user_ldap/tests/Mapping/AbstractMappingTest.php b/apps/user_ldap/tests/Mapping/AbstractMappingTest.php
index 91013085c2c..5c3474d9ad2 100644
--- a/apps/user_ldap/tests/Mapping/AbstractMappingTest.php
+++ b/apps/user_ldap/tests/Mapping/AbstractMappingTest.php
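Review bot: The new `if($user === null) { return; }` guard in cacheUserDisplayName() (apps/user_ldap/lib/Access.php) returns without leaving any trace, so a display name that was never cached looks the same to the caller as a successful call. The method's docblock begins above the hunk; a sentence there such as `Does nothing when no user object exists for $ocName.` would record the new contract. A debug-level log line before the `return;` would also help when diagnosing users that were refused, presumably because their mapping was denied.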
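Review bot: In AbstractMapping::map(), the new guard `mb_strlen($fdn) > 255` depends on an unexplained literal and on the process-wide mbstring internal encoding. The limit presumably mirrors the width of the `ldap_dn` column, which is not visible in the hunk. Passing the encoding explicitly, `if(mb_strlen($fdn, 'UTF-8') > 255) {`, and adding a comment such as `// the ldap_dn column is limited to 255 characters` (if that is indeed the reason) would tie the check to what it protects. The error entry also writes the complete directory-supplied DN, whose length is unbounded at this point, into the log for every refused mapping; logging `mb_substr($fdn, 0, 255)` instead would keep a misconfigured or untrusted directory from inflating the log. map() continues below the hunk.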
@@ -106,7 +106,8 @@ abstract class AbstractMappingTest extends \Test\TestCase {
 list($mapper, $data) = $this->initTest();
 
 // test that mapping will not happen when it shall not
- $paramKeys = array('', 'dn', 'name', 'uuid');
+ $tooLongDN = 'uid=joann,ou=Secret Small Specialized Department,ou=Some Tremendously Important Department,ou=Another Very Important Department,ou=Pretty Meaningful Derpartment,ou=Quite Broad And General Department,ou=The Topmost Department,dc=hugelysuccessfulcompany,dc=com';
+ $paramKeys = array('', 'dn', 'name', 'uuid', $tooLongDN);
 foreach($paramKeys as $key) {
 $failEntry = $data[0];
 if(!empty($key)) {
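Review bot: Appending `$tooLongDN` to `$paramKeys` probably does not exercise the new length check. The other entries ('dn', 'name', 'uuid') look like field names, and if the loop body below the hunk uses `$key` as an index into `$failEntry`, the long DN becomes an extra array key while map() still receives the original DN. A direct assertion would pin the behaviour, e.g. `$this->assertFalse($mapper->map($tooLongDN, 'paramName', 'paramUuid'));` (name and UUID are constructed sample values). A boundary pair, with a DN of exactly 255 characters accepted and one of 256 rejected, would also guard against an off-by-one in the comparison. The foreach body continues outside the hunk.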