
(ITS#9165) Paged search results on FreeBSD exceed static buffer



Full_Name: Felix J. Ogris
Version: 2.4.49
OS: FreeBSD 12.1 amd64
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (80.139.74.144)


Hi,

I observed that cookies for paged searches against a Windows-based Active
Directory are up to 1000 bytes in length. print_paged_results() in
clients/tools/common.c uses a buf of BUFSIZ chars. BUFSIZ on FreeBSD is only
1024 - see https://svnweb.freebsd.org/base/release/12.1.0/include/stdio.h?view=markup#l209
Thus, ldapsearch against a Windows AD will print the cookie without a trailing
newline, and may expose a security issue if querying an arbitrary LDAP server.
Fixing this specific occurrence is easy (e.g. replace buf[BUFSIZ] by buf[8192]).
What about defining a global LDAP_BUFIZ of at least 8192, since BUFSIZ is used
at several locations in the OpenLDAP source tree?

BR,
Felix
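
Added example, not part of the original report and not OpenLDAP code: a minimal C sketch of the failure mode described above, in which a line built with snprintf() into a 1024-byte buffer loses its trailing newline once the cookie text is long enough, next to a variant that measures the line first and allocates to fit. Assumptions: the cookie is rendered as base64 text, and the line format, FIXED_BUF and all function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIXED_BUF 1024                       /* BUFSIZ on FreeBSD, per the report */
#define LINE_FMT  "pagedresults: cookie=%s\n" /* hypothetical output line */

/* Base64 text length for n raw bytes: 4 characters per 3-byte group. */
static size_t b64_len(size_t n) { return 4 * ((n + 2) / 3); }

/* Fixed-buffer pattern. Returns 1 if the whole line fit, 0 if snprintf()
 * truncated it; the trailing newline is the first thing to be lost. */
static int format_fixed(const char *cookie_b64, char *out, size_t outsz)
{
    int need = snprintf(out, outsz, LINE_FMT, cookie_b64);
    return need >= 0 && (size_t)need < outsz;
}

/* Sized pattern: ask snprintf() for the length, then allocate. Caller frees. */
static char *format_sized(const char *cookie_b64)
{
    int need = snprintf(NULL, 0, LINE_FMT, cookie_b64);
    if (need < 0) return NULL;
    char *out = malloc((size_t)need + 1);
    if (out) snprintf(out, (size_t)need + 1, LINE_FMT, cookie_b64);
    return out;
}

/* Constructed sample: stand-in for the base64 text of a raw_len-byte cookie. */
static char *fake_cookie_b64(size_t raw_len)
{
    size_t n = b64_len(raw_len);
    char *s = malloc(n + 1);
    if (!s) return NULL;
    memset(s, 'A', n);
    s[n] = '\0';
    return s;
}

int main(void)
{
    char buf[FIXED_BUF];
    char *c = fake_cookie_b64(1000);          /* cookie size from the report */
    char *full = c ? format_sized(c) : NULL;
    if (!full) { free(c); return 1; }
    printf("b64 chars=%zu fixed fit=%d sized len=%zu\n",
           strlen(c), format_fixed(c, buf, sizeof buf), strlen(full));
    free(full); free(c);
    return 0;
}
```

Checking the snprintf() return value against the buffer size is what distinguishes a complete line from a truncated one; a larger static buffer only moves the threshold.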