openldap: limit max incoming size

Set the maximum allowed size of an incoming LDAP message, which to
OpenLDAP means that it allows malloc() up to this size. If not set,
there is no limit and we instead risk a malloc() failure.

The limit is arbitrarily set to 256K as I can't figure out what a
reasonable value should be.

OpenLDAP docs: https://openldap.org/software/man.cgi?query=lber-sockbuf&apropos=0&sektion=0&manpath=OpenLDAP+2.6-Release&arch=default&format=html

Bug: https://issues.oss-fuzz.com/issues/432441303
Closes #19087
Daniel Stenberg 2025-10-16 21:47:42 +02:00
parent da06621d61
commit f91be14bfb
GPG Key ID: 5CC908FDB71E12C2


@ -659,6 +659,19 @@ static CURLcode oldap_connect(struct Curl_easy *data, bool *done)
/* Do not chase referrals. */
ldap_set_option(li->ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
{
ber_len_t max = 256*1024;
Sockbuf *sb;
if(ldap_get_option(li->ld, LDAP_OPT_SOCKBUF, (void **)&sb) ||
/* Set the maximum allowed size of an incoming message, which to
OpenLDAP means that it will malloc() memory up to this size. If not
set, there is no limit and we instead risk a malloc() failure. */
ber_sockbuf_ctrl(sb, LBER_SB_OPT_SET_MAX_INCOMING, &max)) {
result = CURLE_FAILED_INIT;
goto out;
}
}
#ifdef USE_SSL
if(Curl_conn_is_ssl(conn, FIRSTSOCKET)) {
result = oldap_ssl_connect(data, OLDAP_SSL);
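Review bot: the `if(ldap_get_option(...) || ber_sockbuf_ctrl(sb, LBER_SB_OPT_SET_MAX_INCOMING, &max))` condition applies the ldap_get_option() convention (nonzero means error) to both calls, but the lber-sockbuf(3) page linked from the commit message documents ber_sockbuf_ctrl() as returning 1 on success and 0 on failure for the set options, so a successful LBER_SB_OPT_SET_MAX_INCOMING would take the `result = CURLE_FAILED_INIT; goto out;` path and the connection would never be established with the limit in place. Suggest negating that operand, i.e. `!ber_sockbuf_ctrl(sb, LBER_SB_OPT_SET_MAX_INCOMING, &max)`, and verifying against the man page before merging. As a style point, the three-line comment sits between the two operands of the `||`, which makes the condition hard to read; moving it above the `if` (next to the `ber_len_t max = 256*1024;` declaration) keeps the condition on consecutive lines.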