View Issue Details

ID: 0005355
Project: SOGo
Category: Backend Address Book
View Status: public
Last Update: 2021-09-30 12:14
Reporter: rschuetz
Assigned To: francis
Priority: normal
Severity: crash
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Fixed in Version: 5.3.0
Summary: 0005355: CardDAV addressbook-multiget report denial-of-service

A CardDAV addressbook-multiget report request like

<card:addressbook-multiget xmlns:card="urn:ietf:params:xml:ns:carddav" xmlns:cs="; xmlns:d="DAV:">

for an LDAP-backed addressbook creates n concurrent connections to the LDAP server. This can quickly lead to a denial-of-service situation if the open file descriptors limit of the SOGo or LDAP process is reached. A better approach would be to reuse a single connection for all n LDAP search operations.

Tags: No tags attached.


There are no notes attached to this issue.
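The failure mode described in the report, modelled locally as an added example (not SOGo code and not part of the original issue). `Conn`, the function names and the sample hrefs are hypothetical; the descriptor limit is lowered only for the calling process, to show connection-per-href failing with EMFILE while a single shared connection completes.

```python
import os
import resource
import socket
from contextlib import closing

class Conn:
    """Hypothetical stand-in for one LDAP connection; socketpair() holds two real fds."""
    def __init__(self):
        self.client, self.server = socket.socketpair()
    def search(self, href):
        return "card:" + href            # placeholder for an LDAP search result
    def close(self):
        self.client.close()
        self.server.close()

def multiget_per_href(hrefs):
    """Pattern from the report: a new connection for each requested href."""
    conns, cards = [], []
    try:
        for href in hrefs:
            conns.append(Conn())         # raises OSError(EMFILE) at the fd limit
            cards.append(conns[-1].search(href))
        return cards
    finally:
        for c in conns:
            c.close()

def multiget_shared(hrefs):
    """Approach suggested in the report: one connection for all n searches."""
    with closing(Conn()) as conn:
        return [conn.search(h) for h in hrefs]

def run_with_fd_headroom(headroom, fn, hrefs):
    """Run fn(hrefs) with `headroom` fds above the lowest free one; return (cards, errno)."""
    probe = os.open(os.devnull, os.O_RDONLY)   # yields the lowest free descriptor number
    os.close(probe)
    soft, hard = resource.getrlimit(resource.RLIMIT_NOFILE)
    resource.setrlimit(resource.RLIMIT_NOFILE, (probe + headroom, hard))
    try:
        return len(fn(hrefs)), None
    except OSError as exc:
        return 0, exc.errno
    finally:
        resource.setrlimit(resource.RLIMIT_NOFILE, (soft, hard))   # restore the limit

HREFS = [f"/contacts/{i}.vcf" for i in range(200)]   # constructed sample hrefs

if __name__ == "__main__":
    print([run_with_fd_headroom(32, f, HREFS) for f in (multiget_per_href, multiget_shared)])
```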

Related Changesets

sogo: master 3da633ae

2021-09-29 16:00


fix(addressbook): reuse LDAP connection in CardDAV report

Fixes 0005355
Affected Issues
mod - SoObjects/Contacts/SOGoContactSourceFolder.m
mod - SoObjects/SOGo/LDAPSource.m
mod - SoObjects/SOGo/SOGoSource.h
mod - SoObjects/SOGo/SQLSource.m

Issue History

Date Modified Username Field Change
2021-07-12 13:10 rschuetz New Issue
2021-09-30 12:14 francis Changeset attached => sogo master 3da633ae
2021-09-30 12:14 francis Assigned To => francis
2021-09-30 12:14 francis Resolution open => fixed
2021-09-30 12:14 francis Status new => resolved
2021-09-30 12:14 francis Fixed in Version => 5.3.0