summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKai Blin <kai@samba.org>2007-08-30 09:02:40 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 15:03:11 -0500
commitd510accb39f07ae0abfa0b5cdf2e834a41872cde (patch)
tree8d56fdd45edbd9e5f493709fec5c147877f36156
parent96539eb14343dd5e9ed554924dacf824fa2734cd (diff)
downloadsamba-d510accb39f07ae0abfa0b5cdf2e834a41872cde.tar.gz
samba-d510accb39f07ae0abfa0b5cdf2e834a41872cde.tar.bz2
samba-d510accb39f07ae0abfa0b5cdf2e834a41872cde.zip
r24796: Add bounds checking to ntlm_auth, increase initial buffer size to 300 to avoid
one talloc/fgets loop in the common case, which is slightly over 200 for the KK response. (This used to be commit ba5ac4eeb8086d50e829e1a9944ea89a28eeef2c)
-rw-r--r--source4/utils/ntlm_auth.c14
1 files changed, 12 insertions, 2 deletions
diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c
index 162470dd95..f999995daf 100644
--- a/source4/utils/ntlm_auth.c
+++ b/source4/utils/ntlm_auth.c
@@ -38,7 +38,8 @@
#include "lib/messaging/irpc.h"
#include "auth/ntlmssp/ntlmssp.h"
-#define INITIAL_BUFFER_SIZE 200
+#define INITIAL_BUFFER_SIZE 300
+#define MAX_BUFFER_SIZE 63000
enum stdio_helper_mode {
SQUID_2_4_BASIC,
@@ -871,7 +872,7 @@ static void manage_squid_request(enum stdio_helper_mode helper_mode,
char *buf;
char tmp[INITIAL_BUFFER_SIZE+1];
unsigned int mux_id = 0;
- int length;
+ int length, buf_size = 0;
char *c;
struct mux_private {
unsigned int max_mux;
@@ -907,6 +908,15 @@ static void manage_squid_request(enum stdio_helper_mode helper_mode,
}
buf = talloc_append_string(buf, buf, tmp);
+ buf_size += INITIAL_BUFFER_SIZE;
+
+ if (buf_size > MAX_BUFFER_SIZE) {
+ DEBUG(0, ("Invalid Request (too large)\n"));
+ x_fprintf(x_stdout, "ERR\n");
+ talloc_free(buf);
+ return;
+ }
+
c = strchr(buf, '\n');
} while (c == NULL);