Update bufsize handling

2024-11-27 02:22:00 +08:00 · 2001-02-03 05:24:41 +00:00 · 2001-02-03 05:24:41 +00:00 · 9d241af7f6
commit 9d241af7f6
parent b64a0b52e7
3 changed files with 24 additions and 11 deletions
--- a/libraries/libldap/cyrus.c
+++ b/libraries/libldap/cyrus.c
@ -27,9 +27,6 @@
 * Various Cyrus SASL related stuff.
 */

-#define SASL_MAX_BUFF_SIZE	65536
-#define SASL_MIN_BUFF_SIZE	4096
-
 int ldap_int_sasl_init( void )
 {
 	/* XXX not threadsafe */
@ -127,23 +124,27 @@ sb_sasl_remove( Sockbuf_IO_Desc *sbiod )
 }

 static ber_len_t
-sb_sasl_pkt_length( const char *buf, int debuglevel )
+sb_sasl_pkt_length( const unsigned char *buf, int debuglevel )
 {
 	ber_len_t		size;
-	long			tmp;

 	assert( buf != NULL );

-	tmp = *((long *)buf);
-	size = ntohl( tmp );
+	size = buf[0] << 24
+		| buf[1] << 16
+		| buf[2] << 8
+		| buf[3];
   
+	/* we really should check against actual buffer size set
+	 * in the secopts.
+	 */
 	if ( size > SASL_MAX_BUFF_SIZE ) {
 		/* somebody is trying to mess me up. */
 		ber_log_printf( LDAP_DEBUG_ANY, debuglevel,
 			"sb_sasl_pkt_length: received illegal packet length "
 			"of %lu bytes\n", (unsigned long)size );      
 		size = 16; /* this should lead to an error. */
-}
+	}

 	return size + 4; /* include the size !!! */
 }
@ -766,6 +767,13 @@ int ldap_pvt_sasl_secprops(
 				return LDAP_NOT_SUPPORTED;
 			}

+			if( maxbufsize && (( maxbufsize < SASL_MIN_BUFF_SIZE )
+				|| (maxbufsize > SASL_MAX_BUFF_SIZE )))
+			{
+				/* bad maxbufsize */
+				return LDAP_PARAM_ERROR;
+			}
+
 		} else {
 			return LDAP_NOT_SUPPORTED;
 		}
--- a/libraries/libldap/init.c
+++ b/libraries/libldap/init.c
@ -409,11 +409,13 @@ void ldap_int_initialize_global_options( struct ldapoptions *gopts, int *dbglvl
 	gopts->ldo_def_sasl_authcid = NULL;
 	gopts->ldo_def_sasl_authzid = NULL;

-	memset( &gopts->ldo_sasl_secprops, '\0', sizeof(gopts->ldo_sasl_secprops) );
+	memset( &gopts->ldo_sasl_secprops,
+		'\0', sizeof(gopts->ldo_sasl_secprops) );

 	gopts->ldo_sasl_secprops.max_ssf = INT_MAX;
-	gopts->ldo_sasl_secprops.maxbufsize = 65536;
-	gopts->ldo_sasl_secprops.security_flags = SASL_SEC_NOPLAINTEXT|SASL_SEC_NOANONYMOUS;
+	gopts->ldo_sasl_secprops.maxbufsize = SASL_MAX_BUFF_SIZE;
+	gopts->ldo_sasl_secprops.security_flags =
+		SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS;
 #endif

 #ifdef HAVE_TLS
--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@ -21,6 +21,9 @@
 #ifdef HAVE_CYRUS_SASL
 	/* the need for this should be removed */
 #include <sasl.h>
+
+#define SASL_MAX_BUFF_SIZE	65536
+#define SASL_MIN_BUFF_SIZE	4096
 #endif

 /*