https://bugs.openldap.org/show_bug.cgi?id=9347

Ondřej Kuzník <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Group|OpenLDAP-devs               |

--- Comment #2 from Ondřej Kuzník <[email protected]> ---
This is certainly not an integer overflow of any kind, just an invalid policy,
hence it is ignored and an error is logged. Whether that is a security issue is
debatable, as every policy admin should make sure the policy they set is valid
and is enforced correctly.

As an aside, it might be worth trying to apply the default policy if a
specified policy doesn't exist/doesn't validate, but that would be a change
from existing behaviour as enshrined in the test suite.

-- 
You are receiving this mail because:
You are on the CC list for the issue.
