Re: SASL_MAX_BUFF_SIZE in /libraries/libldap/cyrus.c
At 07:48 PM 1/18/01 +0100, Norbert Klasen wrote:
>Is the size of this buffer mandated by some standard or arbitrarily
>chosen for this implementation?
RFC 2222, Section 3 says (in part):

    If the use of a security layer is agreed upon, then the mechanism
    must also define or negotiate the maximum cipher-text buffer size
    that each side is able to receive.

    The length of the cipher-text buffer must be no larger than the
    maximum size that was defined or negotiated by the other side.

Section 7 (GSSAPI) indicates that the length is negotiated.
OpenLDAP, by default, sets the maxbufsize. If we get buffers
returned larger than this, that's an error. I note that our
code should have some additional sanity checks. I committed
a couple.
>I ask because I get errors on large result sets from Active Directory
>when GSSAPI privacy protection is in place:
>sb_sasl_pkt_length: received illegal packet length of 66112 bytes
>sb_sasl_read: failed to decode packet: generic failure
Well, I'd be interested to see if Cyrus SASL sent AD the maxbufsize
requested by OpenLDAP. If it did, then I would think AD is
in error.
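
The receive-side length check discussed in this message, as an added example (not part of the original mail and not OpenLDAP's code). RFC 2222 section 3 prefixes each cipher-text buffer with a four-octet length in network byte order; the function name, the status codes and the 65536 maximum are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Status codes for this example (hypothetical names). */
enum pkt_status { PKT_OK = 0, PKT_NEED_MORE = 1, PKT_ILLEGAL = -1 };

/*
 * Check the start of a receive buffer holding SASL security-layer data.
 * max_buf is the maximum cipher-text buffer size this side defined or
 * negotiated; a larger length from the peer is a protocol error.
 * On PKT_OK, *body_len is the cipher-text length and the whole frame
 * (4 + *body_len octets) is already present in buf.
 */
static enum pkt_status
check_sasl_frame(const unsigned char *buf, size_t avail,
                 uint32_t max_buf, uint32_t *body_len)
{
    uint32_t len;

    if (avail < 4)
        return PKT_NEED_MORE;        /* length header not complete yet */

    len = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
          ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];

    /* The peer controls this field: reject before allocating or reading. */
    if (len > max_buf)
        return PKT_ILLEGAL;

    /* Compare without computing 4 + len, which could wrap a 32-bit size_t. */
    if (avail - 4 < len)
        return PKT_NEED_MORE;

    *body_len = len;
    return PKT_OK;
}

int main(void)
{
    /* Constructed header: 0x00010240 = 66112, the length in the report. */
    const unsigned char big[4] = { 0x00, 0x01, 0x02, 0x40 };
    uint32_t n = 0;

    /* 65536 is an assumed negotiated maximum for this demonstration. */
    if (check_sasl_frame(big, sizeof big, 65536, &n) == PKT_ILLEGAL)
        printf("illegal packet length\n");
    return 0;
}
```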