[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: sb_sasl_pkt_length

To: "Howard Chu" <hyc@highlandsun.com>
Subject: Re: sb_sasl_pkt_length
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Wed, 12 Jun 2002 00:40:09 -0700
Cc: <openldap-devel@OpenLDAP.org>
In-reply-to: <NMEFLNHODBAOPDKNNJALAEGKDAAA.hyc@highlandsun.com>

At 11:11 PM 2002-06-11, Howard Chu wrote:
>That's the last time I pay attention to comments in the code.

The comment is actually correct.  See RFC 2222.

The problem, I suspect, is that there are implementations
which overrun the negotiated buffer size.  I suggest we
kick out a warning when the negotiated buffer size is
exceeded, and error out when the hard buffer size is
exceeded.

Kurt


>I think this
>fix
>was a mistake. However, I haven't been able to trigger the errors that are
>being reported on the -software list. Anyone else?
>
>@@ -157,10 +161,7 @@
>                | buf[2] << 8
>                | buf[3];
>
>-       /* we really should check against actual buffer size set
>-        * in the secopts.
>-        */
>-       if ( size > SASL_MAX_BUFF_SIZE ) {
>+       if ( size > max ) {
>                /* somebody is trying to mess me up. */
>                ber_log_printf( LDAP_DEBUG_ANY, debuglevel,
>                        "sb_sasl_pkt_length: received illegal packet length
>"
>
>  -- Howard Chu
>  Chief Architect, Symas Corp.       Director, Highland Sun
>  http://www.symas.com               http://highlandsun.com/hyc
>  Symas: Premier OpenSource Development and Support

Follow-Ups:
- RE: sb_sasl_pkt_length
  - From: "Howard Chu" <hyc@highlandsun.com>

References:
- sb_sasl_pkt_length
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: Re: Mutex lock in libraries/libldap/tls.c
Next by Date: Re: OpenLDAP TODO List
Index(es):
- Chronological
- Thread