From d415a068750ac04c4e14d3a4d7f014bce7c519fd Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
Date: Wed, 4 Mar 2009 18:00:33 -0500
Subject: - reject client requests > 64k in size

---
 src/disp-nis.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/disp-nis.c b/src/disp-nis.c
index 7b7c11d..ceccda4 100644
--- a/src/disp-nis.c
+++ b/src/disp-nis.c
@@ -702,7 +702,7 @@ client_read(struct plugin_state *state, struct dispatch_client *client)
 		last = ((len & 0x80000000) != 0);
 		len &= 0x7fffffff;
 		if (len > 0x10000) {
-			/* Fail, disconnect because that's just ridiculous. */
+			/* Disconnect, because that's just ridiculous. */
 			slapi_log_error(SLAPI_LOG_FATAL,
 					state->plugin_desc->spd_id,
 					"client fragment claims to be %d bytes "
@@ -747,6 +747,18 @@ client_read(struct plugin_state *state, struct dispatch_client *client)
 			client->client_inbuf_used -= (len + 4);
 		}
 		if (last) {
+			if (len > 0x10000) {
+				/* Disconnect, because that's just ridiculous.
+				 */
+				slapi_log_error(SLAPI_LOG_FATAL,
+						state->plugin_desc->spd_id,
+						"client request claims to be "
+						"%d bytes long, assuming it's "
+						"an error\n",
+						client->client_query_size);
+				client_set_closing(state, client);
+				return;
+			}
 			slapi_log_error(SLAPI_LOG_PLUGIN,
 					state->plugin_desc->spd_id,
 					"query is %d bytes long on %d\n",
-- 
cgit