--001a11c1a2f087afb804edaadb8d Content-Type: text/plain; charset=ISO-8859-1
Thank you, Howard!
You are right. We are not getting LBER_OVERFLOW, but having the return code LBER_DEFAULT and "errno == ERANGE". Also, indeed there is no particular size limits in openldap lber library unless setting the max incoming ber size with this API: ber_sockbuf_ctrl(sockbuf, LBER_SB_OPT_SET_MAX_INCOMING, &maxsize);
We'd like to avoid receiving, e.g., 100MB ber's, but we'd like to also have a method to log the rejected incoming ber size just in case the administrator may want to allow to receive it.
Best regards, --Noriko Hosoi
On Sun, Dec 15, 2013 at 3:58 AM, Howard Chu hyc@symas.com wrote:
nhosoi@gmail.com wrote:
Full_Name: Noriko Hosoi Version: 2.4.35-4 OS: Fedora 18 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (209.132.181.86)
We use the OpenLdap library in our software. LDAP clients could send too large ber and cause LBER_OVERFLOW (or LBER_DEFAULT) to the lber APIs. We'd like to learn how large the ber size we should prepare from the error. When we look into the BerElement ber using gdb, ber->ber_len stores the value. But the value is not returned to the caller when the API fails, e.g., by the overflow. Could it be possible to have a way to retrieve the ber size under any condition?
That doesn't sound like OpenLDAP, we have no LBER_OVERFLOW error code. Nor do we have any particular size limits on a BerElement, other than fitting into a long.
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
--001a11c1a2f087afb804edaadb8d Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div><div><div>Thank you, Howard!=A0 <br><br>You are right= .=A0 We are not getting LBER_OVERFLOW, but having the return code LBER_DEFA= ULT and "errno =3D=3D ERANGE".=A0 Also, indeed there is no partic= ular size limits in openldap lber library unless setting the max incoming b= er size with this API:<br> =A0=A0=A0 ber_sockbuf_ctrl(sockbuf, LBER_SB_OPT_SET_MAX_INCOMING, &maxs= ize);<br><br></div>We'd like to avoid receiving, e.g., 100MB ber's,= but we'd like to also have a method to log the rejected incoming ber s= ize just in case the administrator may want to allow to receive it.<br> <br></div>Best regards,<br></div>--Noriko Hosoi<br></div><div class=3D"gmai= l_extra"><br><br><div class=3D"gmail_quote">On Sun, Dec 15, 2013 at 3:58 AM= , Howard Chu <span dir=3D"ltr"><<a href=3D"mailto:hyc@symas.com" target= =3D"_blank">hyc@symas.com</a>></span> wrote:<br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p= x #ccc solid;padding-left:1ex"><a href=3D"mailto:nhosoi@gmail.com" target= =3D"_blank">nhosoi@gmail.com</a> wrote:<br> <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p= x #ccc solid;padding-left:1ex"> Full_Name: Noriko Hosoi<br> Version: 2.4.35-4<br> OS: Fedora 18<br> URL: <a href=3D"ftp://ftp.openldap.org/incoming/" target=3D"_blank">ftp://f= tp.openldap.org/<u></u>incoming/</a><br> Submission from: (NULL) (209.132.181.86)<br> <br> <br> We use the OpenLdap library in our software. =A0LDAP clients could send too= large<br> ber and cause LBER_OVERFLOW (or LBER_DEFAULT) to the lber APIs. =A0We'd= like to<br> learn how large the ber size we should prepare from the error. =A0When we l= ook<br> into the BerElement ber using gdb, ber->ber_len stores the value. But th= e value<br> is not returned to the caller when the API fails, e.g., by the overflow. = =A0Could<br> it be possible to have a way to retrieve the ber size under any condition?<= br> </blockquote> <br> That doesn't sound like OpenLDAP, we have no LBER_OVERFLOW error code. = Nor do we have any particular size limits on a BerElement, other than fitti= ng into a long.<span class=3D"HOEnZb"><font color=3D"#888888"><br> <br> -- <br> =A0 -- Howard Chu<br> =A0 CTO, Symas Corp. =A0 =A0 =A0 =A0 =A0 <a href=3D"http://www.symas.com" t= arget=3D"_blank">http://www.symas.com</a><br> =A0 Director, Highland Sun =A0 =A0 <a href=3D"http://highlandsun.com/hyc/" = target=3D"_blank">http://highlandsun.com/hyc/</a><br> =A0 Chief Architect, OpenLDAP =A0<a href=3D"http://www.openldap.org/project= /" target=3D"_blank">http://www.openldap.org/<u></u>project/</a><br> </font></span></blockquote></div><br></div>
--001a11c1a2f087afb804edaadb8d--