*len = lc;
}
+ /* BER element should have enough data left */
+ if( *len > ber_pvt_ber_remaining( ber ) ) {
+ return LBER_DEFAULT;
+ }
+
return tag;
}
if ( (tag = ber_skip_tag( ber, &datalen )) == LBER_DEFAULT ) {
return LBER_DEFAULT;
}
- if ( datalen > (*len - 1) ) {
+
+ /* must fit within allocated space with termination */
+ if ( datalen >= *len ) {
return LBER_DEFAULT;
}
assert( BER_VALID( ber ) );
- nleft = ber->ber_end - ber->ber_ptr;
+ nleft = ber_pvt_ber_remaining( ber );
actuallen = nleft < len ? nleft : len;
AC_MEMCPY( buf, ber->ber_ptr, actuallen );
ber->ber_rwptr += res;
/* convert length. */
- ber->ber_len = 0;
for( to_go = 0; to_go < res ; to_go++ ) {
ber->ber_len <<= 8;
ber->ber_len |= netlen[to_go];
}
+ if (PTR_IN_VAR(ber->ber_rwptr, ber->ber_len))
+ return LBER_DEFAULT;
}
fill_buffer:
/* now fill the buffer. */
+
+ /* make sure length is reasonable */
+ if ( ber->ber_len == 0 ||
+ ( sb->sb_max_incoming && ber->ber_len > sb->sb_max_incoming ))
+ {
+ errno = ERANGE;
+ return LBER_DEFAULT;
+ }
+
if (ber->ber_buf==NULL) {
ber->ber_buf = (char *) LBER_MALLOC( ber->ber_len );
if (ber->ber_buf==NULL) {
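Review bot: The new range check before the allocation only bounds `ber->ber_len` when `sb->sb_max_incoming` is non-zero, so with the field left at 0 a length taken from the wire still reaches `LBER_MALLOC` unchecked. That zero-means-unlimited behaviour is not documented in the visible change; I would add `/* max incoming PDU length in bytes; 0 = no limit */` to the `sb_max_incoming` member in the struct hunk, and confirm that the sockbuf initialiser (not shown) sets it to 0 rather than leaving it uninitialised. Separately, dropping `ber->ber_len = 0;` leaves the shift-and-OR loop accumulating into whatever `ber_len` already held; the hunk does not show where it is cleared, so that precondition deserves a comment above the loop. The added `PTR_IN_VAR` return also leaves `errno` untouched, while the range check sets `ERANGE`, so callers cannot tell the two failures apart consistently. The enclosing function starts and ends outside this hunk.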
ber_socket_t sb_fd;
unsigned int sb_trans_needs_read:1;
unsigned int sb_trans_needs_write:1;
+ ber_len_t sb_max_incoming;
};
#define SOCKBUF_VALID( sb ) ( (sb)->sb_valid == LBER_VALID_SOCKBUF )
#include <io.h>
#endif /* HAVE_IO_H */
+#if defined( HAVE_FCNTL_H )
+#include <fcntl.h>
+#endif
+
#if defined( HAVE_SYS_FILIO_H )
#include <sys/filio.h>
#elif defined( HAVE_SYS_IOCTL_H )
int ret = 0;
assert( sb != NULL );
+ assert( SOCKBUF_VALID( sb ) );
switch ( opt ) {
case LBER_SB_OPT_HAS_IO:
ret = ( sb->sb_trans_needs_write ? 1 : 0 );
break;
+ case LBER_SB_OPT_GET_MAX_INCOMING:
+ if ( arg != NULL ) {
+ *((ber_len_t *)arg) = sb->sb_max_incoming;
+ }
+ ret = 1;
+ break;
+
+ case LBER_SB_OPT_SET_MAX_INCOMING:
+ sb->sb_max_incoming = *((ber_len_t *)arg);
+ ret = 1;
+ break;
+
default:
ret = sb->sb_iod->sbiod_io->sbi_ctrl( sb->sb_iod,
opt, arg );
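Review bot: The `LBER_SB_OPT_SET_MAX_INCOMING` case dereferences `arg` without the `arg != NULL` test that the GET case directly above performs, so a caller passing NULL crashes inside the library; the asserts at the top cover only `sb`. Guard the assignment the same way, e.g. `if ( arg != NULL ) { sb->sb_max_incoming = *((ber_len_t *)arg); ret = 1; }`, leaving `ret` at its initial 0 otherwise (assuming 0 is what callers treat as "not handled"). The GET case also reports `ret = 1` when `arg` is NULL and nothing was written, which is worth aligning at the same time. The switch and the function continue outside the hunk.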