Re: small bug in handling of sasl packet sizes
Please submit this to the Issue Tracking System
<http://www.openldap.org/its/> to ensure it doesn't
get dropped on the floor. Thanks, Kurt
At 11:24 AM 2002-11-14, Lawrence Greenfield wrote:
>cyrus.c contains a minor problem (that doesn't affect functionality).
>
>It appears to assume that "max", retrieved from SASL_MAXOUTBUF,
>constrains the size of a buffer our peer is sending to us. That is not
>the case; SASL_MAXOUTBUF only constrains the size of the plaintext
>that can be handed to sasl_encode().
>
>My patch also removes an unnecessary "maxbuf - 100"; the 100 slop
>factor is definitely not needed for saslv2. (I've preserved it for
>sasl v1, since I'm less sure it was correctly determined by the
>library then.)
>
>Patch attached.
>
>[As a side effect of looking at this, I'm more convinced than ever
>that the OpenLDAP/GSSAPI/Active Directory problem is a problem with
>Microsoft's implementation. Interoperability is restored if
>LBER_MAX_BUFF_SIZE and SASL_MAX_BUFF_SIZE are set to 0x1000000.]
>
>Larry
>
>--[[application/octet-stream; type=patch
>Content-Disposition: attachment; filename="openldap.patch"][7bit]]
>--- cyrus.c.~1.67.~ Mon Oct 14 15:13:52 2002
>+++ cyrus.c Thu Nov 14 14:16:26 2002
>@@ -194,10 +194,6 @@
> "sb_sasl_pkt_length: received illegal packet length "
> "of %lu bytes\n", (unsigned long)size );
> size = 16; /* this should lead to an error. */
>- } else if ( size > max ) {
>- ber_log_printf( LDAP_DEBUG_ANY, debuglevel,
>- "sb_sasl_pkt_length: received packet length "
>- "of %lu exceeds negotiated max of %lu bytes\n", (unsigned long)size, (unsigned long)max );
> }
>
> return size + 4; /* include the size !!! */
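Review bot: With the `else if ( size > max )` branch gone, nothing in the visible lines of this function reads `max` any more; if that holds for the rest of the function, remove the variable and its lookup as well so it does not linger as dead code. A one-line comment at this spot saying that the negotiated value limits only the plaintext handed to sasl_encode(), not the length the peer announces, would keep the check from being added back later.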
>@@ -344,11 +340,14 @@
> /* now encode the next packet. */
> #if SASL_VERSION_MAJOR >= 2
> ber_pvt_sb_buf_init( &p->buf_out );
>+ /* sasl v2 makes sure this number is correct */
>+ if ( len > *p->sasl_maxbuf )
>+ len = *p->sasl_maxbuf;
> #else
> ber_pvt_sb_buf_destroy( &p->buf_out );
>-#endif
> if ( len > *p->sasl_maxbuf - 100 )
> len = *p->sasl_maxbuf - 100; /* For safety margin */
>+#endif
> ret = sasl_encode( p->sasl_context, buf, len,
> (SASL_CONST char **)&p->buf_out.buf_base,
> (unsigned *)&p->buf_out.buf_size );
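Review bot: The new comment `/* sasl v2 makes sure this number is correct */` above the v2 clamp does not say which number or what "correct" means; spell out that `*p->sasl_maxbuf` is used as-is under v2 because the library's value needs no margin subtracted. Since the `#endif` now sits below the `- 100` clamp, the "For safety margin" comment in the `#else` branch should also state that the margin is kept for SASL v1 only.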