From: Kurt Zeilenga <kurt@openldap.org>
Date: Thu, 18 Jan 2001 22:18:41 +0000 (+0000)
Subject: Update SASL bufsize checks
X-Git-Tag: LDBM_PRE_GIANT_RWLOCK~1559
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=599a61016423e4ea98363a827e3d1bdd8e88600e;p=openldap

Update SASL bufsize checks
---

diff --git a/libraries/libldap/cyrus.c b/libraries/libldap/cyrus.c
index e6026872a3..c72198b407 100644
--- a/libraries/libldap/cyrus.c
+++ b/libraries/libldap/cyrus.c
@@ -27,9 +27,6 @@
 * Various Cyrus SASL related stuff.
 */
 
-#define SASL_MAX_BUFF_SIZE	65536
-#define SASL_MIN_BUFF_SIZE	4096
-
 int ldap_int_sasl_init( void )
 {
 	/* XXX not threadsafe */
@@ -137,13 +134,16 @@ sb_sasl_pkt_length( const char *buf, int debuglevel )
 	tmp = *((long *)buf);
 	size = ntohl( tmp );
    
+	/* we really should check against actual buffer size set
+	 * in the secopts.
+	 */
 	if ( size > SASL_MAX_BUFF_SIZE ) {
 		/* somebody is trying to mess me up. */
 		ber_log_printf( LDAP_DEBUG_ANY, debuglevel,
 			"sb_sasl_pkt_length: received illegal packet length "
 			"of %lu bytes\n", (unsigned long)size );      
 		size = 16; /* this should lead to an error. */
-}
+	}
 
 	return size + 4; /* include the size !!! */
 }
@@ -767,6 +767,10 @@ int ldap_pvt_sasl_secprops(
 				return LDAP_NOT_SUPPORTED;
 			}
 
+			if( maxbufsize > SASL_MAX_BUFF_SIZE ) {
+				return LDAP_PARAM_ERROR;
+			}
+
 		} else {
 			return LDAP_NOT_SUPPORTED;
 		}
diff --git a/libraries/libldap/init.c b/libraries/libldap/init.c
index cf49633cb9..ae70a5830e 100644
--- a/libraries/libldap/init.c
+++ b/libraries/libldap/init.c
@@ -409,11 +409,13 @@ void ldap_int_initialize_global_options( struct ldapoptions *gopts, int *dbglvl
 	gopts->ldo_def_sasl_authcid = NULL;
 	gopts->ldo_def_sasl_authzid = NULL;
 
-	memset( &gopts->ldo_sasl_secprops, '\0', sizeof(gopts->ldo_sasl_secprops) );
+	memset( &gopts->ldo_sasl_secprops,
+		'\0', sizeof(gopts->ldo_sasl_secprops) );
 
 	gopts->ldo_sasl_secprops.max_ssf = INT_MAX;
-	gopts->ldo_sasl_secprops.maxbufsize = 65536;
-	gopts->ldo_sasl_secprops.security_flags = SASL_SEC_NOPLAINTEXT|SASL_SEC_NOANONYMOUS;
+	gopts->ldo_sasl_secprops.maxbufsize = SASL_MAX_BUFF_SIZE;
+	gopts->ldo_sasl_secprops.security_flags =
+		SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS;
 #endif
 
 #ifdef HAVE_TLS
diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h
index 9ed399fae4..78a178bbfb 100644
--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@@ -21,6 +21,9 @@
 #ifdef HAVE_CYRUS_SASL
 	/* the need for this should be removed */
 #include <sasl.h>
+
+#define SASL_MAX_BUFF_SIZE	65536
+#define SASL_MIN_BUFF_SIZE	4096
 #endif
 
 /*