CVE-2020-10704: libcli ldap_message: Add search size limits to ldap_decode
commit458b014a4d10e89f99cc0b54a815b50d6c817dce
authorGary Lockyer <gary@catalyst.net.nz>
Tue, 7 Apr 2020 20:49:23 +0000 (8 08:49 +1200)
committerKarolin Seeger <kseeger@samba.org>
Tue, 21 Apr 2020 11:20:31 +0000 (21 13:20 +0200)
tree825e0ee68e81425245b72794100ae69035f8029a
parent5cf90961748bfcbd8781317a9a80f4ca806a19fb
CVE-2020-10704: libcli ldap_message: Add search size limits to ldap_decode

Add search request size limits to ldap_decode calls.

The ldap server uses the smb.conf variable
"ldap max search request size" which defaults to 250Kb.
For cldap the limit is hard coded as 4096.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
docs-xml/smbdotconf/ldap/ldapmaxsearchrequest.xml [new file with mode: 0644]
lib/param/loadparm.c
libcli/cldap/cldap.c
libcli/ldap/ldap_message.c
libcli/ldap/ldap_message.h
libcli/ldap/tests/ldap_message_test.c
source3/param/loadparm.c
source4/ldap_server/ldap_server.c
source4/libcli/ldap/ldap_client.c