diff options
| author | Gary Lockyer <gary@catalyst.net.nz> | 2020-04-08 08:49:23 +1200 |
|---|---|---|
| committer | Gary Lockyer <gary@samba.org> | 2020-05-04 02:59:32 +0000 |
| commit | 3149ea0a8aada3b03d1ca0af2e3a0f6304cda43b (patch) | |
| tree | fec0faa865f27affacdae3036c1c5e2daf6655fd /lib/param/loadparm.c | |
| parent | 28ee4acc8347299cb41119012d9256d48c92cc5c (diff) | |
| download | samba-3149ea0a8aada3b03d1ca0af2e3a0f6304cda43b.tar.gz | |
CVE-2020-10704: libcli ldap_message: Add search size limits to ldap_decode
Add search request size limits to ldap_decode calls.
The ldap server uses the smb.conf variable
"ldap max search request size" which defaults to 250Kb.
For cldap the limit is hard coded as 4096.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'lib/param/loadparm.c')
| -rw-r--r-- | lib/param/loadparm.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c index 813766a6b60..777999a3a76 100644 --- a/lib/param/loadparm.c +++ b/lib/param/loadparm.c @@ -3060,6 +3060,8 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx) lp_ctx, "ldap max anonymous request size", "256000"); lpcfg_do_global_parameter( lp_ctx, "ldap max authenticated request size", "16777216"); + lpcfg_do_global_parameter( + lp_ctx, "ldap max search request size", "256000"); for (i = 0; parm_table[i].label; i++) { if (!(lp_ctx->flags[i] & FLAG_CMDLINE)) { |