[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#7764) RFE: library lber method which returns the ber size even if the ber is overflown
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7764) RFE: library lber method which returns the ber size even if the ber is overflown
- From: nhosoi@gmail.com
- Date: Mon, 16 Dec 2013 18:20:33 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
--001a11c1a2f087afb804edaadb8d
Content-Type: text/plain; charset=ISO-8859-1
Thank you, Howard!
You are right. We are not getting LBER_OVERFLOW, but having the return
code LBER_DEFAULT and "errno == ERANGE". Also, indeed there is no
particular size limits in openldap lber library unless setting the max
incoming ber size with this API:
ber_sockbuf_ctrl(sockbuf, LBER_SB_OPT_SET_MAX_INCOMING, &maxsize);
We'd like to avoid receiving, e.g., 100MB ber's, but we'd like to also have
a method to log the rejected incoming ber size just in case the
administrator may want to allow to receive it.
Best regards,
--Noriko Hosoi
On Sun, Dec 15, 2013 at 3:58 AM, Howard Chu <hyc@symas.com> wrote:
> nhosoi@gmail.com wrote:
>
>> Full_Name: Noriko Hosoi
>> Version: 2.4.35-4
>> OS: Fedora 18
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (209.132.181.86)
>>
>>
>> We use the OpenLdap library in our software. LDAP clients could send too
>> large
>> ber and cause LBER_OVERFLOW (or LBER_DEFAULT) to the lber APIs. We'd
>> like to
>> learn how large the ber size we should prepare from the error. When we
>> look
>> into the BerElement ber using gdb, ber->ber_len stores the value. But the
>> value
>> is not returned to the caller when the API fails, e.g., by the overflow.
>> Could
>> it be possible to have a way to retrieve the ber size under any condition?
>>
>
> That doesn't sound like OpenLDAP, we have no LBER_OVERFLOW error code. Nor
> do we have any particular size limits on a BerElement, other than fitting
> into a long.
>
> --
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
>
--001a11c1a2f087afb804edaadb8d
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div><div><div>Thank you, Howard!=A0 <br><br>You are right=
.=A0 We are not getting LBER_OVERFLOW, but having the return code LBER_DEFA=
ULT and "errno =3D=3D ERANGE".=A0 Also, indeed there is no partic=
ular size limits in openldap lber library unless setting the max incoming b=
er size with this API:<br>
=A0=A0=A0 ber_sockbuf_ctrl(sockbuf, LBER_SB_OPT_SET_MAX_INCOMING, &maxs=
ize);<br><br></div>We'd like to avoid receiving, e.g., 100MB ber's,=
but we'd like to also have a method to log the rejected incoming ber s=
ize just in case the administrator may want to allow to receive it.<br>
<br></div>Best regards,<br></div>--Noriko Hosoi<br></div><div class=3D"gmai=
l_extra"><br><br><div class=3D"gmail_quote">On Sun, Dec 15, 2013 at 3:58 AM=
, Howard Chu <span dir=3D"ltr"><<a href=3D"mailto:hyc@symas.com" target=
=3D"_blank">hyc@symas.com</a>></span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><a href=3D"mailto:nhosoi@gmail.com" target=
=3D"_blank">nhosoi@gmail.com</a> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">
Full_Name: Noriko Hosoi<br>
Version: 2.4.35-4<br>
OS: Fedora 18<br>
URL: <a href=3D"ftp://ftp.openldap.org/incoming/" target=3D"_blank">ftp://f=
tp.openldap.org/<u></u>incoming/</a><br>
Submission from: (NULL) (209.132.181.86)<br>
<br>
<br>
We use the OpenLdap library in our software. =A0LDAP clients could send too=
large<br>
ber and cause LBER_OVERFLOW (or LBER_DEFAULT) to the lber APIs. =A0We'd=
like to<br>
learn how large the ber size we should prepare from the error. =A0When we l=
ook<br>
into the BerElement ber using gdb, ber->ber_len stores the value. But th=
e value<br>
is not returned to the caller when the API fails, e.g., by the overflow. =
=A0Could<br>
it be possible to have a way to retrieve the ber size under any condition?<=
br>
</blockquote>
<br>
That doesn't sound like OpenLDAP, we have no LBER_OVERFLOW error code. =
Nor do we have any particular size limits on a BerElement, other than fitti=
ng into a long.<span class=3D"HOEnZb"><font color=3D"#888888"><br>
<br>
-- <br>
=A0 -- Howard Chu<br>
=A0 CTO, Symas Corp. =A0 =A0 =A0 =A0 =A0 <a href=3D"http://www.symas.com" t=
arget=3D"_blank">http://www.symas.com</a><br>
=A0 Director, Highland Sun =A0 =A0 <a href=3D"http://highlandsun.com/hyc/" =
target=3D"_blank">http://highlandsun.com/hyc/</a><br>
=A0 Chief Architect, OpenLDAP =A0<a href=3D"http://www.openldap.org/project=
/" target=3D"_blank">http://www.openldap.org/<u></u>project/</a><br>
</font></span></blockquote></div><br></div>
--001a11c1a2f087afb804edaadb8d--