diff options
| author | Martin Hedenfal <martinh@cvs.openbsd.org> | 2010-07-01 04:21:42 +0000 |
|---|---|---|
| committer | Martin Hedenfal <martinh@cvs.openbsd.org> | 2010-07-01 04:21:42 +0000 |
| commit | 473d44c9de78b9e1e2ab5d60783dad23fc7719f0 (patch) | |
| tree | a8c088ffd2b29df86c68cb88198525b933b3e3be | |
| parent | a31a23215e6ad209869d4c9abbd85092729853c0 (diff) | |
If the length of an element being read is larger than what is available in
the buffer, return immediately. This fixes reading large messages, and
allows bad requests to be cancelled earlier.
Originally from Alexander Schrijver, tweaked by me.
| -rw-r--r-- | usr.sbin/ldapd/ber.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/usr.sbin/ldapd/ber.c b/usr.sbin/ldapd/ber.c index 936132cbeb0..e69693bc6a1 100644 --- a/usr.sbin/ldapd/ber.c +++ b/usr.sbin/ldapd/ber.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ber.c,v 1.3 2010/06/08 17:52:47 martinh Exp $ */ +/* $OpenBSD: ber.c,v 1.4 2010/07/01 04:21:41 martinh Exp $ */ /* * Copyright (c) 2007 Reyk Floeter <reyk@vantronix.net> @@ -1065,6 +1065,13 @@ ber_read_element(struct ber *ber, struct ber_element *elm) DPRINTF("ber read element size %zd\n", len); totlen += r + len; + /* If using an external buffer and the total size of the element + * is larger then the external buffer don't bother to continue. */ + if (ber->fd == -1 && totlen > ber->br_rend - ber->br_rbuf) { + errno = ECANCELED; + return -1; + } + elm->be_type = type; elm->be_len = len; elm->be_class = class; |