authorGary Lockyer <gary@catalyst.net.nz>2020-04-07 09:09:01 +1200
committerGary Lockyer <gary@samba.org>2020-05-04 02:59:32 +0000
commitd7e5213818b960325909c73432cba34ad270fd50 (patch)
tree73155d46bb1358ac82123b3f46641b803a2ade9a /docs-xml
parent5d6bcef4b4cb0c086733353469ffc04dfaa8ccdd (diff)
downloadsamba-d7e5213818b960325909c73432cba34ad270fd50.tar.gz
CVE-2020-10704: smb.conf: Add max ldap request sizes
Add two new smb.conf parameters to control the maximum permitted ldap request size. Adds: ldap max anonymous request size default 250Kb ldap max authenticated request size default 16Mb Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'docs-xml')
-rw-r--r--docs-xml/smbdotconf/ldap/ldapmaxanonrequest.xml18
-rw-r--r--docs-xml/smbdotconf/ldap/ldapmaxauthrequest.xml18
2 files changed, 36 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/ldap/ldapmaxanonrequest.xml b/docs-xml/smbdotconf/ldap/ldapmaxanonrequest.xml
new file mode 100644
index 00000000000..61bdcec674d
--- /dev/null
+++ b/docs-xml/smbdotconf/ldap/ldapmaxanonrequest.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="ldap max anonymous request size"
+ context="G"
+ type="integer"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ This parameter specifies the maximum permitted size (in bytes)
+ for an LDAP request received on an anonymous connection.
+ </para>
+
+ <para>
+ If the request size exceeds this limit the request will be
+ rejected.
+ </para>
+</description>
+<value type="default">256000</value>
+<value type="example">500000</value>
+</samba:parameter>
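Review bot: The description of `ldap max anonymous request size` never says why the limit exists or what raising it costs, and the example value (`500000`) is almost twice the default for traffic that has not authenticated. Since the commit is tagged as a CVE fix, I would add a third `<para>` along the lines of `Raising this value increases the amount of data an unauthenticated client can make the server accept in a single request; increase it only when legitimate anonymous clients require it.` I would also choose an example at or below the default, for instance `<value type="example">128000</value>` (a constructed value), so the documented example does not loosen the control. The same rationale paragraph is missing from ldapmaxauthrequest.xml, although its example already tightens the default.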
diff --git a/docs-xml/smbdotconf/ldap/ldapmaxauthrequest.xml b/docs-xml/smbdotconf/ldap/ldapmaxauthrequest.xml
new file mode 100644
index 00000000000..c5934f73f95
--- /dev/null
+++ b/docs-xml/smbdotconf/ldap/ldapmaxauthrequest.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="ldap max authenticated request size"
+ context="G"
+ type="integer"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ This parameter specifies the maximum permitted size (in bytes)
+ for an LDAP request received on an authenticated connection.
+ </para>
+
+ <para>
+ If the request size exceeds this limit the request will be
+ rejected.
+ </para>
+</description>
+<value type="default">16777216</value>
+<value type="example">4194304</value>
+</samba:parameter>
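Review bot: "Authenticated connection" is not defined here, so a reader cannot tell which of the two limits covers the bind request that establishes authentication. If, as seems likely, a bind is still counted against the anonymous limit, both files should say so, because lowering the anonymous limit would then also cap the size of bind requests. Once the behaviour is confirmed, something like `<para>Requests received before a successful bind, including the bind request itself, are subject to <smbconfoption name="ldap max anonymous request size"/>.</para>` would do. It would also help to state what "rejected" means for the client, an LDAP error or a closed connection, so operators know what to look for when a legitimate client hits the limit.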