[Fedora-directory-commits] ldapserver/ldap/servers/slapd libglobs.c, 1.31, 1.32 sasl_io.c, 1.16, 1.17 slap.h, 1.40, 1.41

Wed Nov 26 17:32:24 UTC 2008

Author: nkinder

Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9219/ldap/servers/slapd

Modified Files:
	libglobs.c sasl_io.c slap.h 
Log Message:
Resolves: 387851
Summary: Added validation for nsslapd-maxsasliosize value.



Index: libglobs.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/libglobs.c,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32

--- libglobs.c	25 Nov 2008 19:20:26 -0000	1.31
+++ libglobs.c	26 Nov 2008 17:32:21 -0000	1.32
@@ -856,6 +856,7 @@
   cfg->ioblocktimeout = SLAPD_DEFAULT_IOBLOCK_TIMEOUT;
   cfg->outbound_ldap_io_timeout = SLAPD_DEFAULT_OUTBOUND_LDAP_IO_TIMEOUT;
   cfg->max_filter_nest_level = SLAPD_DEFAULT_MAX_FILTER_NEST_LEVEL;
+  cfg->maxsasliosize = SLAPD_DEFAULT_MAX_SASLIO_SIZE;
 
 #ifdef _WIN32
   cfg->conntablesize = SLAPD_DEFAULT_CONNTABLESIZE;
@@ -4494,21 +4495,41 @@
 config_set_maxsasliosize( const char *attrname, char *value, char *errorbuf, int apply )
 {
   int retVal =  LDAP_SUCCESS;
+  long maxsasliosize;
+  char *endptr;
   slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
 
   if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
         return LDAP_OPERATIONS_ERROR;
   }
 
-  if ( !apply ) {
-        return retVal;
+  maxsasliosize = strtol(value, &endptr, 10);
+
+  /* Check for non-numeric garbage in the value */
+  if (*endptr != '\0') {
+    retVal = LDAP_OPERATIONS_ERROR;
   }
 
-  CFG_LOCK_WRITE(slapdFrontendConfig);
+  /* Check for a value overflow */
+  if (((maxsasliosize == LONG_MAX) || (maxsasliosize == LONG_MIN)) && (errno == ERANGE)){
+    retVal = LDAP_OPERATIONS_ERROR;
+  }
+
+  /* A setting of -1 means unlimited.  Don't allow other negative values. */
+  if ((maxsasliosize < 0) && (maxsasliosize != -1)) {
+    retVal = LDAP_OPERATIONS_ERROR;
+  }
 
-  slapdFrontendConfig->maxsasliosize = atol(value);
+  if (retVal != LDAP_SUCCESS) {
+    PR_snprintf(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
+                 "%s: \"%s\" is invalid. Value must range from -1 to %ld",
+                 attrname, value, LONG_MAX );
+  } else if (apply) {
+    CFG_LOCK_WRITE(slapdFrontendConfig);
+    slapdFrontendConfig->maxsasliosize = maxsasliosize;
+    CFG_UNLOCK_WRITE(slapdFrontendConfig);
+  }
 
-  CFG_UNLOCK_WRITE(slapdFrontendConfig);
   return retVal;
 }
 
@@ -4519,9 +4540,6 @@
   slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
 
   maxsasliosize = slapdFrontendConfig->maxsasliosize;
-  if (maxsasliosize == 0) {
-    maxsasliosize = 2 * 1024 * 1024; /* Default: 2Mb */
-  }
 
   return maxsasliosize;
 }


Index: sasl_io.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/sasl_io.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- sasl_io.c	25 Nov 2008 19:20:27 -0000	1.16
+++ sasl_io.c	26 Nov 2008 17:32:21 -0000	1.17
@@ -195,6 +195,7 @@
     int ret = 0;
     unsigned char buffer[4];
     size_t packet_length = 0;
+    size_t saslio_limit;
     
     ret = PR_Recv(c->c_prfd,buffer,sizeof(buffer),0,PR_INTERVAL_NO_WAIT);
     if (ret < 0) {
@@ -216,7 +217,10 @@
         LDAPDebug( LDAP_DEBUG_CONNS,
             "read sasl packet length %ld on connection %" PRIu64 "\n", packet_length, c->c_connid, 0 );
 
-        if (packet_length > config_get_maxsasliosize()) {
+        /* Check if the packet length is larger than our max allowed.  A
+         * setting of -1 means that we allow any size SASL IO packet. */
+        saslio_limit = config_get_maxsasliosize();
+        if(((long)saslio_limit != -1) && (packet_length > saslio_limit)) {
             LDAPDebug( LDAP_DEBUG_ANY,
                 "SASL encrypted packet length exceeds maximum allowed limit (length=%ld, limit=%ld)."
                 "  Change the nsslapd-maxsasliosize attribute in cn=config to increase limit.\n",


Index: slap.h
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slap.h,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41
--- slap.h	25 Nov 2008 19:20:27 -0000	1.40
+++ slap.h	26 Nov 2008 17:32:21 -0000	1.41
@@ -279,6 +279,7 @@
 #define SLAPD_DEFAULT_LOOKTHROUGHLIMIT		5000	/* use -1 for no limit */
 #define SLAPD_DEFAULT_GROUPNESTLEVEL		5
 #define SLAPD_DEFAULT_MAX_FILTER_NEST_LEVEL	40		/* use -1 for no limit */
+#define SLAPD_DEFAULT_MAX_SASLIO_SIZE		2097152 /* 2MB in bytes.  Use -1 for no limit */
 #define SLAPD_DEFAULT_IOBLOCK_TIMEOUT		1800000 /* half hour in ms */
 #define SLAPD_DEFAULT_OUTBOUND_LDAP_IO_TIMEOUT	300000 /* 5 minutes in ms */
 #define SLAPD_DEFAULT_RESERVE_FDS			64


