diff options
| author | Nalin Dahyabhai <nalin@dahyabhai.net> | 2013-08-27 14:19:22 -0400 |
|---|---|---|
| committer | Nalin Dahyabhai <nalin@dahyabhai.net> | 2013-08-27 14:19:22 -0400 |
| commit | 2544377af4f8d7e102452372bd8ebe030996e4b7 (patch) | |
| tree | 510b5a0156a4ed388ebcc81eb4a7fbb6b7314e97 /src | |
| parent | 26320c9fb054d9fc0a08a1e4271a19b394c17f0c (diff) | |
| download | slapi-nis-2544377af4f8d7e102452372bd8ebe030996e4b7.tar.gz slapi-nis-2544377af4f8d7e102452372bd8ebe030996e4b7.tar.xz slapi-nis-2544377af4f8d7e102452372bd8ebe030996e4b7.zip | |
Sanity check the request size correctly
Use the amount of data that we could have read as the upper bound on
reasonable-looking request lengths.
Diffstat (limited to 'src')
| -rw-r--r-- | src/disp-nis.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/disp-nis.c b/src/disp-nis.c index a5716fe..ce78462 100644 --- a/src/disp-nis.c +++ b/src/disp-nis.c @@ -81,7 +81,7 @@ struct dispatch_client { client_replying_final, } client_state; /* The client's request while we're reading it. */ - char client_inbuf[4096]; + char client_inbuf[8192]; ssize_t client_inbuf_used; char *client_query; ssize_t client_query_size; @@ -717,8 +717,9 @@ client_read(struct plugin_state *state, struct dispatch_client *client) len = ntohl(nlen); last = ((len & 0x80000000) != 0); len &= 0x7fffffff; - if (len > 0x10000) { - /* Disconnect, because that's just ridiculous. */ + if (len > sizeof(client->client_inbuf) - 4) { + /* Disconnect, because that's more data than we could + * have read. */ slapi_log_error(SLAPI_LOG_FATAL, state->plugin_desc->spd_id, "client fragment claims to be %d bytes " |