From 599a61016423e4ea98363a827e3d1bdd8e88600e Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Thu, 18 Jan 2001 22:18:41 +0000 Subject: [PATCH] Update SASL bufsize checks --- libraries/libldap/cyrus.c | 12 ++++++++---- libraries/libldap/init.c | 8 +++++--- libraries/libldap/ldap-int.h | 3 +++ 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/libraries/libldap/cyrus.c b/libraries/libldap/cyrus.c index e6026872a3..c72198b407 100644 --- a/libraries/libldap/cyrus.c +++ b/libraries/libldap/cyrus.c @@ -27,9 +27,6 @@ * Various Cyrus SASL related stuff. */ -#define SASL_MAX_BUFF_SIZE 65536 -#define SASL_MIN_BUFF_SIZE 4096 - int ldap_int_sasl_init( void ) { /* XXX not threadsafe */ @@ -137,13 +134,16 @@ sb_sasl_pkt_length( const char *buf, int debuglevel ) tmp = *((long *)buf); size = ntohl( tmp ); + /* we really should check against actual buffer size set + * in the secopts. + */ if ( size > SASL_MAX_BUFF_SIZE ) { /* somebody is trying to mess me up. */ ber_log_printf( LDAP_DEBUG_ANY, debuglevel, "sb_sasl_pkt_length: received illegal packet length " "of %lu bytes\n", (unsigned long)size ); size = 16; /* this should lead to an error. */ -} + } return size + 4; /* include the size !!! */ } @@ -767,6 +767,10 @@ int ldap_pvt_sasl_secprops( return LDAP_NOT_SUPPORTED; } + if( maxbufsize > SASL_MAX_BUFF_SIZE ) { + return LDAP_PARAM_ERROR; + } + } else { return LDAP_NOT_SUPPORTED; } diff --git a/libraries/libldap/init.c b/libraries/libldap/init.c index cf49633cb9..ae70a5830e 100644 --- a/libraries/libldap/init.c +++ b/libraries/libldap/init.c @@ -409,11 +409,13 @@ void ldap_int_initialize_global_options( struct ldapoptions *gopts, int *dbglvl gopts->ldo_def_sasl_authcid = NULL; gopts->ldo_def_sasl_authzid = NULL; - memset( &gopts->ldo_sasl_secprops, '\0', sizeof(gopts->ldo_sasl_secprops) ); + memset( &gopts->ldo_sasl_secprops, + '\0', sizeof(gopts->ldo_sasl_secprops) ); gopts->ldo_sasl_secprops.max_ssf = INT_MAX; - gopts->ldo_sasl_secprops.maxbufsize = 65536; - gopts->ldo_sasl_secprops.security_flags = SASL_SEC_NOPLAINTEXT|SASL_SEC_NOANONYMOUS; + gopts->ldo_sasl_secprops.maxbufsize = SASL_MAX_BUFF_SIZE; + gopts->ldo_sasl_secprops.security_flags = + SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS; #endif #ifdef HAVE_TLS diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h index 9ed399fae4..78a178bbfb 100644 --- a/libraries/libldap/ldap-int.h +++ b/libraries/libldap/ldap-int.h @@ -21,6 +21,9 @@ #ifdef HAVE_CYRUS_SASL /* the need for this should be removed */ #include + +#define SASL_MAX_BUFF_SIZE 65536 +#define SASL_MIN_BUFF_SIZE 4096 #endif /* -- 2.39.5