SASL 1.5.x maxbuf size handling (ITS#2484)
Full_Name: Simon Wilkinson
Submission from: (NULL) (126.96.36.199)
The GSSAPI plugin that ships with SASL 1.5 doesn't handle buffer size exchange
properly. This results in the server receiving a buffer size of 0.
The OpenLDAP server fails to handle this correctly due to the following lines:

    if ( len > *p->sasl_maxbuf - 100 )
        len = *p->sasl_maxbuf - 100; /* For safety margin */

len and sasl_maxbuf are both unsigned; if sasl_maxbuf<100, then this overflows.
This behaviour is harmless until a PDU larger than 65536 is returned by the
server, causing the client to complain that the result is larger than the
[ Aside: With SASL v2, would forcing the negotiation of a maxbuf of 0 result in
a denial of service attack, as the server would constantly transmit empty
Locally, we've fixed the SASL bug, but I thought that the more general problem
in the server code was worth raising.
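
The arithmetic described in the report, as an added example that is not part of the original message and is not OpenLDAP's code. It assumes plain `unsigned` for both values; the function names, the checked variant and the sample sizes are hypothetical and constructed for illustration.

```c
#include <stdio.h>

#define SAFETY_MARGIN 100u  /* the margin used by the quoted lines */

/* Same arithmetic as the quoted lines. With unsigned operands,
 * maxbuf - SAFETY_MARGIN wraps to a huge value when maxbuf < 100,
 * so the comparison is never true and len passes through unclamped. */
static unsigned clamp_as_quoted(unsigned len, unsigned maxbuf)
{
    if (len > maxbuf - SAFETY_MARGIN)
        len = maxbuf - SAFETY_MARGIN;
    return len;
}

/* Hypothetical hardened variant: check that the subtraction cannot wrap
 * before doing it. Returns 0 and stores the clamped length in *out,
 * or -1 when maxbuf leaves no room for the margin (caller must treat
 * the negotiated size as unusable). */
static int clamp_checked(unsigned len, unsigned maxbuf, unsigned *out)
{
    unsigned limit;

    if (maxbuf <= SAFETY_MARGIN)
        return -1;
    limit = maxbuf - SAFETY_MARGIN;
    *out = (len > limit) ? limit : len;
    return 0;
}

int main(void)
{
    unsigned out = 0;

    /* Constructed inputs: maxbuf of 0 as in the report, a 70000-byte
     * write, and a normal 65536-byte maxbuf for comparison. */
    printf("quoted,  maxbuf=0:     %u\n", clamp_as_quoted(70000u, 0u));
    printf("quoted,  maxbuf=65536: %u\n", clamp_as_quoted(70000u, 65536u));
    printf("checked, maxbuf=0:     rc=%d\n", clamp_checked(70000u, 0u, &out));
    if (clamp_checked(70000u, 65536u, &out) == 0)
        printf("checked, maxbuf=65536: %u\n", out);
    return 0;
}
```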