diff options
author | Kai Blin <kai@samba.org> | 2007-08-30 09:02:40 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 15:03:11 -0500 |
commit | d510accb39f07ae0abfa0b5cdf2e834a41872cde (patch) | |
tree | 8d56fdd45edbd9e5f493709fec5c147877f36156 /source4 | |
parent | 96539eb14343dd5e9ed554924dacf824fa2734cd (diff) | |
download | samba-d510accb39f07ae0abfa0b5cdf2e834a41872cde.tar.gz samba-d510accb39f07ae0abfa0b5cdf2e834a41872cde.tar.bz2 samba-d510accb39f07ae0abfa0b5cdf2e834a41872cde.zip |
r24796: Add bounds checking to ntlm_auth, increase initial buffer size to 300 to avoid
one talloc/fgets loop in the common case, which is slightly over 200 for the KK
response.
(This used to be commit ba5ac4eeb8086d50e829e1a9944ea89a28eeef2c)
Diffstat (limited to 'source4')
-rw-r--r-- | source4/utils/ntlm_auth.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c index 162470dd95..f999995daf 100644 --- a/source4/utils/ntlm_auth.c +++ b/source4/utils/ntlm_auth.c @@ -38,7 +38,8 @@ #include "lib/messaging/irpc.h" #include "auth/ntlmssp/ntlmssp.h" -#define INITIAL_BUFFER_SIZE 200 +#define INITIAL_BUFFER_SIZE 300 +#define MAX_BUFFER_SIZE 63000 enum stdio_helper_mode { SQUID_2_4_BASIC, @@ -871,7 +872,7 @@ static void manage_squid_request(enum stdio_helper_mode helper_mode, char *buf; char tmp[INITIAL_BUFFER_SIZE+1]; unsigned int mux_id = 0; - int length; + int length, buf_size = 0; char *c; struct mux_private { unsigned int max_mux; @@ -907,6 +908,15 @@ static void manage_squid_request(enum stdio_helper_mode helper_mode, } buf = talloc_append_string(buf, buf, tmp); + buf_size += INITIAL_BUFFER_SIZE; + + if (buf_size > MAX_BUFFER_SIZE) { + DEBUG(0, ("Invalid Request (too large)\n")); + x_fprintf(x_stdout, "ERR\n"); + talloc_free(buf); + return; + } + c = strchr(buf, '\n'); } while (c == NULL); |