[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#5692) Re: literal constant 8192 used instead of SLAP_LDAPDN_MAXLEN

To: openldap-its@OpenLDAP.org
Subject: (ITS#5692) Re: literal constant 8192 used instead of SLAP_LDAPDN_MAXLEN
From: ando@sys-net.it
Date: Tue, 9 Sep 2008 16:02:56 GMT

In none of the files you indicated the buffer size 8192 is used for a 
DN, so I see no reason for hijacking SLAP_LDAPDN_MAXLEN for that 
purpose.  It might be good practice to define one or more macros and 
consistently use them, although in the specific cases there is no 
repeated use of the value, nor specific consistency constraints for the 
use of that value.

With respect to your second question, OpenLDAP never relies on 
SLAP_LDAPDN_MAXLEN stability in terms of buffer access; since that macro 
is local to slapd, if it changes the whole slapd will see it.  The only 
issue could be with redefinition of the macro across module compilation, 
if you use dynamic modules.  Also in that case things shouldn't be 
critical, as slapd never relies on that macro for accessing buffers, but 
rather on actual buffer size.  The only potentia issue I see is with 
spurious syntax errors if a module with larger SLAP_LDAPDN_MAXLEN calls 
a DN-related validation/normalization function passing a DN whose length 
is larger than the value of SLAP_LDAPDN_MAXLEN slapd was built with.  No 
buffer overflow risk, though; at most, DoS on uncommonly long DNs.

p.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------

Prev by Date: (ITS#5693) [enhancement] extension of slapo-translucent filtering approach
Next by Date: (ITS#5691) Re: malloc without check
Index(es):
- Chronological
- Thread