git.samba.org / kseeger / samba-autobuild-v4-13-test / .git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8729c05) | patch
CVE-2020-10704: libcli ldap_message: Add search size limits to ldap_decode
authorGary Lockyer <gary@catalyst.net.nz>
Tue, 7 Apr 2020 20:49:23 +0000 (08:49 +1200)
committerKarolin Seeger <kseeger@samba.org>
Wed, 22 Apr 2020 10:50:42 +0000 (12:50 +0200)
commitdb78f2667eb51c106c66edebcf66914ea580bfc6
tree7a3fd1e016a79e22e0aca35c9a4ff9d316987860tree
parent8729c05b1cd6a63d9f8e163b2e438007db3eb4f8commit | diff
CVE-2020-10704: libcli ldap_message: Add search size limits to ldap_decode

Add search request size limits to ldap_decode calls.

The ldap server uses the smb.conf variable
"ldap max search request size" which defaults to 250Kb.
For cldap the limit is hard coded as 4096.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
docs-xml/smbdotconf/ldap/ldapmaxsearchrequest.xml [new file with mode: 0644] blob
lib/fuzzing/fuzz_ldap_decode.c diff | blob | history
lib/param/loadparm.c diff | blob | history
libcli/cldap/cldap.c diff | blob | history
libcli/ldap/ldap_message.c diff | blob | history
libcli/ldap/ldap_message.h diff | blob | history
libcli/ldap/tests/ldap_message_test.c diff | blob | history
source3/param/loadparm.c diff | blob | history
source4/ldap_server/ldap_server.c diff | blob | history
source4/libcli/ldap/ldap_client.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.