From nhosoi@gmail.com Mon Dec 16 18:20:34 2013 From: nhosoi@gmail.com To: openldap-bugs@openldap.org Subject: Re: (ITS#7764) RFE: library lber method which returns the ber size even if the ber is overflown Date: Mon, 16 Dec 2013 18:20:33 +0000 Message-ID: <201312161820.rBGIKXHC033426@boole.openldap.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7300046422260117492==" --===============7300046422260117492== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit --001a11c1a2f087afb804edaadb8d Content-Type: text/plain; charset=ISO-8859-1 Thank you, Howard! You are right. We are not getting LBER_OVERFLOW, but having the return code LBER_DEFAULT and "errno == ERANGE". Also, indeed there is no particular size limits in openldap lber library unless setting the max incoming ber size with this API: ber_sockbuf_ctrl(sockbuf, LBER_SB_OPT_SET_MAX_INCOMING, &maxsize); We'd like to avoid receiving, e.g., 100MB ber's, but we'd like to also have a method to log the rejected incoming ber size just in case the administrator may want to allow to receive it. Best regards, --Noriko Hosoi On Sun, Dec 15, 2013 at 3:58 AM, Howard Chu wrote: > nhosoi(a)gmail.com wrote: > >> Full_Name: Noriko Hosoi >> Version: 2.4.35-4 >> OS: Fedora 18 >> URL: ftp://ftp.openldap.org/incoming/ >> Submission from: (NULL) (209.132.181.86) >> >> >> We use the OpenLdap library in our software. LDAP clients could send too >> large >> ber and cause LBER_OVERFLOW (or LBER_DEFAULT) to the lber APIs. We'd >> like to >> learn how large the ber size we should prepare from the error. When we >> look >> into the BerElement ber using gdb, ber->ber_len stores the value. But the >> value >> is not returned to the caller when the API fails, e.g., by the overflow. >> Could >> it be possible to have a way to retrieve the ber size under any condition? >> > > That doesn't sound like OpenLDAP, we have no LBER_OVERFLOW error code. Nor > do we have any particular size limits on a BerElement, other than fitting > into a long. > > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/ > --001a11c1a2f087afb804edaadb8d Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable

Thank you, Howard!=A0

You are right= .=A0 We are not getting LBER_OVERFLOW, but having the return code LBER_DEFA= ULT and "errno =3D=3D ERANGE".=A0 Also, indeed there is no partic= ular size limits in openldap lber library unless setting the max incoming b= er size with this API:
=A0=A0=A0 ber_sockbuf_ctrl(sockbuf, LBER_SB_OPT_SET_MAX_INCOMING, &maxs= ize);

We'd like to avoid receiving, e.g., 100MB ber's,= but we'd like to also have a method to log the rejected incoming ber s= ize just in case the administrator may want to allow to receive it.

Best regards,

--Noriko Hosoi

On Sun, Dec 15, 2013 at 3:58 AM= , Howard Chu <hyc(a)symas.com> wrote:

nhosoi(a)gmail.com wrote:

Full_Name: Noriko Hosoi
Version: 2.4.35-4
OS: Fedora 18
URL: ftp://f= tp.openldap.org/incoming/
Submission from: (NULL) (209.132.181.86)

We use the OpenLdap library in our software. =A0LDAP clients could send too= large
ber and cause LBER_OVERFLOW (or LBER_DEFAULT) to the lber APIs. =A0We'd= like to
learn how large the ber size we should prepare from the error. =A0When we l= ook
into the BerElement ber using gdb, ber->ber_len stores the value. But th= e value
is not returned to the caller when the API fails, e.g., by the overflow. = =A0Could
it be possible to have a way to retrieve the ber size under any condition?<= br>

That doesn't sound like OpenLDAP, we have no LBER_OVERFLOW error code. = Nor do we have any particular size limits on a BerElement, other than fitti= ng into a long.

--
=A0 -- Howard Chu
=A0 CTO, Symas Corp. =A0 =A0 =A0 =A0 =A0 http://www.symas.com
=A0 Director, Highland Sun =A0 =A0 http://highlandsun.com/hyc/
=A0 Chief Architect, OpenLDAP =A0http://www.openldap.org/project/

--001a11c1a2f087afb804edaadb8d-- --===============7300046422260117492==--