Merge pull request #3264 from nextcloud/ldap-deny-long-dns

Gracefully deny users or groups with too long DNs

2 files changed, 14 insertions, 0 deletions

diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php
index cace64a7deb..9f6639c0db0 100644
--- a/apps/user_ldap/lib/Access.php
+++ b/apps/user_ldap/lib/Access.php
@@ -678,6 +678,9 @@ class Access extends LDAPUtility implements IUserTools {
 	 */
 	public function cacheUserDisplayName($ocName, $displayName, $displayName2 = '') {
 		$user = $this->userManager->get($ocName);
+		if($user === null) {
+			return;
+		}
 		$displayName = $user->composeAndStoreDisplayName($displayName, $displayName2);
 		$cacheKeyTrunk = 'getDisplayName';
 		$this->connection->writeToCache($cacheKeyTrunk.$ocName, $displayName);
diff --git a/apps/user_ldap/lib/Mapping/AbstractMapping.php b/apps/user_ldap/lib/Mapping/AbstractMapping.php
index 8e7f1f8b137..6fb4a5436c3 100644
--- a/apps/user_ldap/lib/Mapping/AbstractMapping.php
+++ b/apps/user_ldap/lib/Mapping/AbstractMapping.php
@@ -209,6 +209,17 @@ abstract class AbstractMapping {
 	 * @return bool
 	 */
 	public function map($fdn, $name, $uuid) {
+		if(mb_strlen($fdn) > 255) {
+			\OC::$server->getLogger()->error(
+				'Cannot map, because the DN exceeds 255 characters: {dn}',
+				[
+					'app' => 'user_ldap',
+					'dn' => $fdn,
+				]
+			);
+			return false;
+		}
+
 		$row = array(
 			'ldap_dn'        => $fdn,
 			'owncloud_name'  => $name,