
Re: (ITS#7764) RFE: library lber method which returns the ber size even if the ber is overflown



Thank you, Howard!

You are right.  We are not getting LBER_OVERFLOW, but are getting the return
code LBER_DEFAULT and "errno == ERANGE".  Also, indeed there are no
particular size limits in the openldap lber library unless the max
incoming ber size is set with this API:
    ber_sockbuf_ctrl(sockbuf, LBER_SB_OPT_SET_MAX_INCOMING, &maxsize);

We'd like to avoid receiving, e.g., 100MB ber's, but we'd also like to have
a method to log the rejected incoming ber size just in case the
administrator may want to allow it to be received.

Best regards,
--Noriko Hosoi


On Sun, Dec 15, 2013 at 3:58 AM, Howard Chu <hyc@symas.com> wrote:

> nhosoi@gmail.com wrote:
>
>> Full_Name: Noriko Hosoi
>> Version: 2.4.35-4
>> OS: Fedora 18
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (209.132.181.86)
>>
>>
>> We use the OpenLdap library in our software.  LDAP clients could send too large
>> ber and cause LBER_OVERFLOW (or LBER_DEFAULT) to the lber APIs.  We'd like to
>> learn how large the ber size we should prepare from the error.  When we look
>> into the BerElement ber using gdb, ber->ber_len stores the value. But the value
>> is not returned to the caller when the API fails, e.g., by the overflow.  Could
>> it be possible to have a way to retrieve the ber size under any condition?
>>
>
> That doesn't sound like OpenLDAP, we have no LBER_OVERFLOW error code. Nor
> do we have any particular size limits on a BerElement, other than fitting
> into a long.
>
> --
>   -- Howard Chu
>   CTO, Symas Corp.           http://www.symas.com
>   Director, Highland Sun     http://highlandsun.com/hyc/
>   Chief Architect, OpenLDAP  http://www.openldap.org/project/
>
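
An added example, not part of the thread and not OpenLDAP code: one way a server could recover the declared size of an oversized incoming BER for logging is to decode the tag and length octets itself before rejecting it. The names `peek_ber_len` and `peek_status` and the 2 MB limit are assumptions made for this sketch, and the sample header bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Hypothetical names for this example; none of this is liblber API. */
enum peek_status { PEEK_OK, PEEK_NEED_MORE, PEEK_TOO_LARGE, PEEK_INVALID };

/* Decode the tag and definite-form length octets at the start of buf.
 * *declared is set whenever the length could be decoded, including when it
 * exceeds max_len, so the caller can log it before rejecting the PDU. */
static enum peek_status peek_ber_len(const unsigned char *buf, size_t n,
                                     uint64_t max_len, uint64_t *declared)
{
    size_t i = 0;
    if (n < 1) return PEEK_NEED_MORE;
    if ((buf[i++] & 0x1f) == 0x1f) {      /* high-tag-number form */
        do {
            if (i >= n) return PEEK_NEED_MORE;
        } while (buf[i++] & 0x80);
    }
    if (i >= n) return PEEK_NEED_MORE;
    unsigned char b = buf[i++];
    uint64_t len = b;                     /* short form: the octet is the length */
    if (b & 0x80) {                       /* long form: low 7 bits = octet count */
        size_t k = b & 0x7f;
        if (k == 0 || k > sizeof len) return PEEK_INVALID; /* indefinite or > 64 bits */
        if (n - i < k) return PEEK_NEED_MORE;
        for (len = 0; k > 0; k--) len = (len << 8) | buf[i++];
    }
    *declared = len;
    return len > max_len ? PEEK_TOO_LARGE : PEEK_OK;
}

int main(void)
{
    /* Constructed sample: SEQUENCE header declaring 100 MB of content. */
    const unsigned char hdr[] = { 0x30, 0x84, 0x06, 0x40, 0x00, 0x00 };
    uint64_t max_len = 2u * 1024 * 1024, declared = 0; /* assumed 2 MB limit */
    if (peek_ber_len(hdr, sizeof hdr, max_len, &declared) == PEEK_TOO_LARGE)
        fprintf(stderr, "rejecting BER: declared %llu bytes, limit %llu\n",
                (unsigned long long)declared, (unsigned long long)max_len);
    return 0;
}
```

Only the header octets are needed, so the declared size can be logged without buffering any of the content.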
