authorNathan Kinder <nkinder@redhat.com>2008-11-26 17:32:21 +0000
committerNathan Kinder <nkinder@redhat.com>2008-11-26 17:32:21 +0000
commit765f4ec1b90be091a85eebbb0a254f59d94bb228 (patch)
treeb5dbe389ddcc2c780920ea901d21a16f735bc91a /ldap
parent84d2f261bf2b5a58c3b2f6bc1a1346eb1a4a6bc4 (diff)
Resolves: 387851
Summary: Added validation for nsslapd-maxsasliosize value.
Diffstat (limited to 'ldap')
-rw-r--r--ldap/servers/slapd/libglobs.c34
-rw-r--r--ldap/servers/slapd/sasl_io.c6
-rw-r--r--ldap/servers/slapd/slap.h1
3 files changed, 32 insertions, 9 deletions
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index a4550b7a..dac93464 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -856,6 +856,7 @@ FrontendConfig_init () {
cfg->ioblocktimeout = SLAPD_DEFAULT_IOBLOCK_TIMEOUT;
cfg->outbound_ldap_io_timeout = SLAPD_DEFAULT_OUTBOUND_LDAP_IO_TIMEOUT;
cfg->max_filter_nest_level = SLAPD_DEFAULT_MAX_FILTER_NEST_LEVEL;
+ cfg->maxsasliosize = SLAPD_DEFAULT_MAX_SASLIO_SIZE;
#ifdef _WIN32
cfg->conntablesize = SLAPD_DEFAULT_CONNTABLESIZE;
@@ -4494,21 +4495,41 @@ int
config_set_maxsasliosize( const char *attrname, char *value, char *errorbuf, int apply )
{
int retVal = LDAP_SUCCESS;
+ long maxsasliosize;
+ char *endptr;
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
return LDAP_OPERATIONS_ERROR;
}
- if ( !apply ) {
- return retVal;
+ maxsasliosize = strtol(value, &endptr, 10);
+
+ /* Check for non-numeric garbage in the value */
+ if (*endptr != '\0') {
+ retVal = LDAP_OPERATIONS_ERROR;
}
- CFG_LOCK_WRITE(slapdFrontendConfig);
+ /* Check for a value overflow */
+ if (((maxsasliosize == LONG_MAX) || (maxsasliosize == LONG_MIN)) && (errno == ERANGE)){
+ retVal = LDAP_OPERATIONS_ERROR;
+ }
+
+ /* A setting of -1 means unlimited. Don't allow other negative values. */
+ if ((maxsasliosize < 0) && (maxsasliosize != -1)) {
+ retVal = LDAP_OPERATIONS_ERROR;
+ }
- slapdFrontendConfig->maxsasliosize = atol(value);
+ if (retVal != LDAP_SUCCESS) {
+ PR_snprintf(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
+ "%s: \"%s\" is invalid. Value must range from -1 to %ld",
+ attrname, value, LONG_MAX );
+ } else if (apply) {
+ CFG_LOCK_WRITE(slapdFrontendConfig);
+ slapdFrontendConfig->maxsasliosize = maxsasliosize;
+ CFG_UNLOCK_WRITE(slapdFrontendConfig);
+ }
- CFG_UNLOCK_WRITE(slapdFrontendConfig);
return retVal;
}
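Review bot: `errno` is never cleared before the `strtol` call, so the overflow test `(errno == ERANGE)` can match a stale value left by an earlier library call, and a legitimately entered `LONG_MAX` would then be rejected. Add `errno = 0;` on the line before `maxsasliosize = strtol(value, &endptr, 10);`. The empty-string case, where `endptr == value` and `*endptr` is already `'\0'`, is presumably caught earlier by `config_value_is_null`, but that helper is not visible here. An explicit `endptr == value` check alongside the `*endptr != '\0'` test would make the parse self-contained.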
@@ -4519,9 +4540,6 @@ config_get_maxsasliosize()
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
maxsasliosize = slapdFrontendConfig->maxsasliosize;
- if (maxsasliosize == 0) {
- maxsasliosize = 2 * 1024 * 1024; /* Default: 2Mb */
- }
return maxsasliosize;
}
diff --git a/ldap/servers/slapd/sasl_io.c b/ldap/servers/slapd/sasl_io.c
index 4c2a97ea..3c19a0d2 100644
--- a/ldap/servers/slapd/sasl_io.c
+++ b/ldap/servers/slapd/sasl_io.c
@@ -195,6 +195,7 @@ sasl_io_start_packet(Connection *c, PRInt32 *err)
int ret = 0;
unsigned char buffer[4];
size_t packet_length = 0;
+ size_t saslio_limit;
ret = PR_Recv(c->c_prfd,buffer,sizeof(buffer),0,PR_INTERVAL_NO_WAIT);
if (ret < 0) {
@@ -216,7 +217,10 @@ sasl_io_start_packet(Connection *c, PRInt32 *err)
LDAPDebug( LDAP_DEBUG_CONNS,
"read sasl packet length %ld on connection %" PRIu64 "\n", packet_length, c->c_connid, 0 );
- if (packet_length > config_get_maxsasliosize()) {
+ /* Check if the packet length is larger than our max allowed. A
+ * setting of -1 means that we allow any size SASL IO packet. */
+ saslio_limit = config_get_maxsasliosize();
+ if(((long)saslio_limit != -1) && (packet_length > saslio_limit)) {
LDAPDebug( LDAP_DEBUG_ANY,
"SASL encrypted packet length exceeds maximum allowed limit (length=%ld, limit=%ld)."
" Change the nsslapd-maxsasliosize attribute in cn=config to increase limit.\n",
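Review bot: A configured limit of 0 now makes `packet_length > saslio_limit` true for every non-empty packet, because `config_set_maxsasliosize` accepts 0 and this commit removes the getter's fallback from 0 to 2 MB. A deployment that stored 0 to get the default would presumably have all SASL-encrypted traffic refused after upgrading. Either reject 0 in the setter or state in the comment above this check that 0 blocks all SASL I/O. Separately, the -1 sentinel is tested by storing the limit in a `size_t` and casting it back with `(long)saslio_limit`, which is implementation-defined. Assuming the getter returns a signed type, declaring `long saslio_limit;` and writing `if ((saslio_limit != -1) && (packet_length > (size_t)saslio_limit))` keeps the sentinel test in the signed domain. The body of `sasl_io_start_packet` continues outside this hunk.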
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index cca3178c..41448819 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -279,6 +279,7 @@ typedef void (*VFP0)();
#define SLAPD_DEFAULT_LOOKTHROUGHLIMIT 5000 /* use -1 for no limit */
#define SLAPD_DEFAULT_GROUPNESTLEVEL 5
#define SLAPD_DEFAULT_MAX_FILTER_NEST_LEVEL 40 /* use -1 for no limit */
+#define SLAPD_DEFAULT_MAX_SASLIO_SIZE 2097152 /* 2MB in bytes. Use -1 for no limit */
#define SLAPD_DEFAULT_IOBLOCK_TIMEOUT 1800000 /* half hour in ms */
#define SLAPD_DEFAULT_OUTBOUND_LDAP_IO_TIMEOUT 300000 /* 5 minutes in ms */
#define SLAPD_DEFAULT_RESERVE_FDS 64