[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#9165) Paged search results on FreeBSD exceed static buffer
Full_Name: Felix J. Ogris
Version: 2.4.49
OS: FreeBSD 12.1 amd64
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (80.139.74.144)
Hi,
I observed that cookies for paged searches against a Windows based Active
Directory are up to 1000 bytes in length. print_paged_results() in
clients/tools/common.c uses a buf of BUFSIZ chars. BUFSIZ on FreeBSD is only
1024 - see https://svnweb.freebsd.org/base/release/12.1.0/include/stdio.h?view=markup#l209
Thus, ldapsearch against a Windows AD will print the cookie without a trailing
newline, and may expose a security issue if querying an arbitrary LDAP server.
Fixing this specific occurrence is easy (e.g. replace buf[BUFIZ] by buf[8192]).
What about defining a global LDAP_BUFIZ of at least 8192, since BUFSIZ is used
at several locations in the OpenLDAP source tree?
BR,
Felix