git.samba.org - samba.git/commit

author	Gary Lockyer <gary@catalyst.net.nz>
	Tue, 7 Apr 2020 20:49:23 +0000 (08:49 +1200)
committer	Gary Lockyer <gary@samba.org>
	Mon, 4 May 2020 02:59:32 +0000 (02:59 +0000)
commit	3149ea0a8aada3b03d1ca0af2e3a0f6304cda43b
tree	fec0faa865f27affacdae3036c1c5e2daf6655fd	tree
parent	28ee4acc8347299cb41119012d9256d48c92cc5c	commit \| diff

CVE-2020-10704: libcli ldap_message: Add search size limits to ldap_decode

Add search request size limits to ldap_decode calls.

The ldap server uses the smb.conf variable
"ldap max search request size" which defaults to 250Kb.
For cldap the limit is hard coded as 4096.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

docs-xml/smbdotconf/ldap/ldapmaxsearchrequest.xml	[new file with mode: 0644]	blob
lib/fuzzing/fuzz_ldap_decode.c		diff \| blob \| history
lib/param/loadparm.c		diff \| blob \| history
libcli/cldap/cldap.c		diff \| blob \| history
libcli/ldap/ldap_message.c		diff \| blob \| history
libcli/ldap/ldap_message.h		diff \| blob \| history
libcli/ldap/tests/ldap_message_test.c		diff \| blob \| history
source3/param/loadparm.c		diff \| blob \| history
source4/ldap_server/ldap_server.c		diff \| blob \| history
source4/libcli/ldap/ldap_client.c		diff \| blob \| history