s4-gensec Don't give more to sasl_encode() than it will permit

We need to ask the library how much data to pass in at any time.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 19 08:37:45 UTC 2010 on sn-devel-104

1 files changed, 10 insertions, 3 deletions

diff --git a/source4/auth/gensec/cyrus_sasl.c b/source4/auth/gensec/cyrus_sasl.c
index c95bae91fe..e05a3b8222 100644
--- a/source4/auth/gensec/cyrus_sasl.c
+++ b/source4/auth/gensec/cyrus_sasl.c
@@ -263,10 +263,17 @@ static NTSTATUS gensec_sasl_wrap_packets(struct gensec_security *gensec_security
 								      struct gensec_sasl_state);
 	const char *out_data;
 	unsigned int out_len;
+	unsigned len_permitted;
+	int sasl_ret = sasl_getprop(gensec_sasl_state->conn, SASL_SSF,
+			(const void**)&len_permitted);
+	if (sasl_ret != SASL_OK) {
+		return sasl_nt_status(sasl_ret);
+	}
+	len_permitted = MIN(len_permitted, in->length);
 
-	int sasl_ret = sasl_encode(gensec_sasl_state->conn,
-				   (char*)in->data, in->length, &out_data,
-				   &out_len);
+	sasl_ret = sasl_encode(gensec_sasl_state->conn,
+			       (char*)in->data, len_permitted, &out_data,
+			       &out_len);
 	if (sasl_ret == SASL_OK) {
 		*out = data_blob_talloc(out_mem_ctx, out_data, out_len);
 		*len_processed = in->length;