
Re: small bug in handling of sasl packet sizes



Please submit this to the Issue Tracking System
<http://www.openldap.org/its/> to ensure it doesn't
get dropped on the floor.  Thanks, Kurt

At 11:24 AM 2002-11-14, Lawrence Greenfield wrote:
>cyrus.c contains a minor problem (that doesn't affect functionality).
>
>It appears to assume that "max", retrieved from SASL_MAXOUTBUF,
>constrains the size of a buffer our peer is sending to us. That is not
>the case; SASL_MAXOUTBUF only constrains the size of the plaintext
>that can be handed to sasl_encode().
>
>My patch also removes an unnecessary "maxbuf - 100"; the 100 slop
>factor is definitely not needed for saslv2. (I've preserved it for
>sasl v1, since I'm less sure it was correctly determined by the
>library then.)
>
>Patch attached.
>
>[As a side effect of looking at this, I'm more convinced than ever
>that the OpenLDAP/GSSAPI/Active Directory problem is a problem with
>Microsoft's implementation. Interoperability is restored if
>LBER_MAX_BUFF_SIZE and SASL_MAX_BUFF_SIZE are set to 0x1000000.]
>
>Larry
>
>--[[application/octet-stream; type=patch
>Content-Disposition: attachment; filename="openldap.patch"][7bit]]
>--- cyrus.c.~1.67.~     Mon Oct 14 15:13:52 2002
>+++ cyrus.c     Thu Nov 14 14:16:26 2002
>@@ -194,10 +194,6 @@
>                        "sb_sasl_pkt_length: received illegal packet length "
>                        "of %lu bytes\n", (unsigned long)size );      
>                size = 16; /* this should lead to an error. */
>-       } else if ( size > max ) {
>-               ber_log_printf( LDAP_DEBUG_ANY, debuglevel,
>-                       "sb_sasl_pkt_length: received packet length "
>-                       "of %lu exceeds negotiated max of %lu bytes\n", (unsigned long)size, (unsigned long)max );
>        }
> 
>        return size + 4; /* include the size !!! */
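
Review bot: with the `else if ( size > max )` branch removed, the visible lines no longer report an oversized length from the peer, and `size` goes straight into `return size + 4` unless the illegal-length condition above (not shown in this hunk) already bounds it. The removed branch only logged and never changed `size`, so behaviour is the same, but rather than dropping the diagnostic entirely, consider comparing `size` against the receiver's own buffer limit. If `max` has no other use in this function after the change, remove it as well.
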
>@@ -344,11 +340,14 @@
>        /* now encode the next packet. */
> #if SASL_VERSION_MAJOR >= 2
>        ber_pvt_sb_buf_init( &p->buf_out );
>+       /* sasl v2 makes sure this number is correct */
>+       if ( len > *p->sasl_maxbuf )
>+               len = *p->sasl_maxbuf;
> #else
>        ber_pvt_sb_buf_destroy( &p->buf_out );
>-#endif
>        if ( len > *p->sasl_maxbuf - 100 )
>                len = *p->sasl_maxbuf - 100;    /* For safety margin */
>+#endif
>        ret = sasl_encode( p->sasl_context, buf, len,
>                (SASL_CONST char **)&p->buf_out.buf_base,
>                (unsigned *)&p->buf_out.buf_size );
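
Review bot: in the `#else` (SASL v1) branch, the retained `*p->sasl_maxbuf - 100` has no guard for a value below 100; if `sasl_maxbuf` points to an unsigned type, the subtraction wraps and `len` is never clamped. A check such as `*p->sasl_maxbuf > 100` before subtracting would close that. The new comment "sasl v2 makes sure this number is correct" would also be clearer if it named the number (`*p->sasl_maxbuf`) and said what "correct" means here, namely that no extra safety margin has to be subtracted.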
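
The distinction drawn in the quoted message, as an added example that is not part of the original post or of the OpenLDAP or Cyrus SASL sources: the outbound limit clamps the plaintext handed to each encode call, while an inbound length prefix is checked against a separate limit. All function and parameter names are hypothetical, the receive limit and the network byte order of the prefix are assumptions, and the sample sizes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* All names below are hypothetical, not OpenLDAP or Cyrus SASL identifiers. */

/* Sender: plaintext bytes to hand to one encode call. max_outbuf stands in
 * for the value read from SASL_MAXOUTBUF. */
size_t clamp_plaintext(size_t len, size_t max_outbuf)
{
    return len > max_outbuf ? max_outbuf : len;
}

/* Sender: encode calls needed to send len bytes; 0 if nothing can be sent. */
size_t encode_calls_needed(size_t len, size_t max_outbuf)
{
    size_t calls = 0;
    if (max_outbuf == 0)
        return 0;
    for (; len > 0; calls++)
        len -= clamp_plaintext(len, max_outbuf);
    return calls;
}

/* Receiver: parse the 4-byte length prefix (assumed network byte order) and
 * check it against local_recv_limit, an assumed limit the receiver chose for
 * itself. max_outbuf plays no part. Returns size + 4, or 0 if rejected. */
size_t inbound_packet_length(const uint8_t hdr[4], size_t local_recv_limit)
{
    uint32_t size = ((uint32_t)hdr[0] << 24) | ((uint32_t)hdr[1] << 16) |
                    ((uint32_t)hdr[2] << 8) | (uint32_t)hdr[3];
    if (size == 0 || size > local_recv_limit)
        return 0;
    return (size_t)size + 4; /* include the length prefix itself */
}

int main(void)
{
    /* Constructed sample: 4096 plaintext bytes plus 60 bytes of overhead. */
    const uint8_t hdr[4] = { 0x00, 0x00, 0x10, 0x3C };
    printf("calls=%zu inbound=%zu\n", encode_calls_needed(10000, 4096),
           inbound_packet_length(hdr, 65536));
    return 0;
}
```

The constructed packet is larger than the 4096-byte outbound limit yet valid under the receive limit, which is the case a check of the received length against the outbound limit would wrongly flag.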