diff options
| author | Nalin Dahyabhai <nalin.dahyabhai@pobox.com> | 2009-03-04 18:00:33 -0500 |
|---|---|---|
| committer | Nalin Dahyabhai <nalin.dahyabhai@pobox.com> | 2009-03-04 18:00:33 -0500 |
| commit | d415a068750ac04c4e14d3a4d7f014bce7c519fd (patch) | |
| tree | 5d5842ff857b5f5d8bb79b0afb170fc56f6cc790 /src | |
| parent | 46e060aa6af44cd2a6d3de6a85545290418410b8 (diff) | |
- reject client requests > 64k in size
Diffstat (limited to 'src')
| -rw-r--r-- | src/disp-nis.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/src/disp-nis.c b/src/disp-nis.c index 7b7c11d..ceccda4 100644 --- a/src/disp-nis.c +++ b/src/disp-nis.c @@ -702,7 +702,7 @@ client_read(struct plugin_state *state, struct dispatch_client *client) last = ((len & 0x80000000) != 0); len &= 0x7fffffff; if (len > 0x10000) { - /* Fail, disconnect because that's just ridiculous. */ + /* Disconnect, because that's just ridiculous. */ slapi_log_error(SLAPI_LOG_FATAL, state->plugin_desc->spd_id, "client fragment claims to be %d bytes " @@ -747,6 +747,18 @@ client_read(struct plugin_state *state, struct dispatch_client *client) client->client_inbuf_used -= (len + 4); } if (last) { + if (len > 0x10000) { + /* Disconnect, because that's just ridiculous. + */ + slapi_log_error(SLAPI_LOG_FATAL, + state->plugin_desc->spd_id, + "client request claims to be " + "%d bytes long, assuming it's " + "an error\n", + client->client_query_size); + client_set_closing(state, client); + return; + } slapi_log_error(SLAPI_LOG_PLUGIN, state->plugin_desc->spd_id, "query is %d bytes long on %d\n", |