[Date Prev][Date Next]
Re: SASL_MAX_BUFF_SIZE in /libraries/libldap/cyrus.c
At 07:48 PM 1/18/01 +0100, Norbert Klasen wrote:
>Is the size of this buffer mandated by some standard or arbitrarily
>chosen for this implementation?
RFC 2222, Section 3 says (in part):
If the use of a security layer is agreed upon, then the mechanism
must also define or negotiate the maximum cipher-text buffer size
that each side is able to receive.
The length of the cipher-text buffer must be no larger than the
maximum size that was defined or negotiated by the other side.
Section 7 (GSSAPI) indicates that the length is negotiated.
OpenLDAP, by default, sets the maxbufsize. If we get buffers
returned larger than this, that's an error. I note that our
code should have some additional sanity checks. I committed
>I ask because I get errors on large result sets from Active Directory
>when GSSAPI privacy protection is in place:
>sb_sasl_pkt_length: received illegal packet length of 66112 bytes
>sb_sasl_read: failed to decode packet: generic failure
Well, I'd be interested to see if Cyrus SASL sent AD the maxbufsize
requested by OpenLDAP. If it did, then I would think AD is