Full_Name: Felix J. Ogris
Version: 2.4.49
OS: FreeBSD 12.1 amd64
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (80.139.74.144)

Hi,
I observed that cookies for paged searches against a Windows-based Active Directory are up to 1000 bytes in length. print_paged_results() in clients/tools/common.c uses a buf of BUFSIZ chars. BUFSIZ on FreeBSD is only 1024 - see https://svnweb.freebsd.org/base/release/12.1.0/include/stdio.h?view=markup#l... Thus, ldapsearch against a Windows AD will print the cookie without a trailing newline, and may expose a security issue if querying an arbitrary LDAP server. Fixing this specific occurrence is easy (e.g. replace buf[BUFSIZ] by buf[8192]). What about defining a global LDAP_BUFIZ of at least 8192, since BUFSIZ is used at several locations in the OpenLDAP source tree?
BR, Felix
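
The truncation described in this report, as an added example that is not part of the original submission and is not OpenLDAP's code: it formats a cookie into a 1024-byte buffer and shows the sized alternative. It assumes the cookie is printed base64-encoded on one newline-terminated line; the `cookie=` prefix, the function names and the 0xAB-filled cookie are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define FIXED_BUF 1024                    /* BUFSIZ on FreeBSD 12.1, per the report */
#define B64_LEN(n) ((((n) + 2) / 3) * 4)  /* base64 text length for n raw bytes */
#define PREFIX "cookie="                  /* assumed stand-in for the output prefix */
static const char b64tab[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Encode n bytes of in as base64; out must hold B64_LEN(n) + 1 bytes. */
static void b64_encode(const unsigned char *in, size_t n, char *out)
{
    for (size_t i = 0; i < n; i += 3) {
        size_t left = n - i;              /* 1, 2, or at least 3 bytes remain */
        unsigned v = in[i] << 16 | (left > 1 ? in[i + 1] << 8 : 0) | (left > 2 ? in[i + 2] : 0);
        *out++ = b64tab[v >> 18];
        *out++ = b64tab[(v >> 12) & 63];
        *out++ = left > 1 ? b64tab[(v >> 6) & 63] : '=';
        *out++ = left > 2 ? b64tab[v & 63] : '=';
    }
    *out = '\0';
}

/* Sized formatting: the buffer is derived from the cookie length, so the
 * line is always complete and newline-terminated. Caller frees the result. */
static char *format_sized(const unsigned char *cookie, size_t n)
{
    size_t len = sizeof(PREFIX) - 1 + B64_LEN(n) + 1;   /* prefix + base64 + '\n' */
    char *line = malloc(len + 1);
    if (!line) return NULL;
    memcpy(line, PREFIX, sizeof(PREFIX) - 1);
    b64_encode(cookie, n, line + sizeof(PREFIX) - 1);
    line[len - 1] = '\n'; line[len] = '\0';
    return line;
}

/* Fixed-buffer formatting: returns 1 if truncated, 0 if it fit, -1 on allocation failure. */
static int format_fixed(const unsigned char *cookie, size_t n, char *buf, size_t bufsz)
{
    char *line = format_sized(cookie, n);
    if (!line) return -1;
    int need = snprintf(buf, bufsz, "%s", line);   /* snprintf reports the full length needed */
    free(line);
    return need < 0 || (size_t)need >= bufsz;
}

int main(void)
{
    unsigned char cookie[1000]; char buf[FIXED_BUF];
    memset(cookie, 0xAB, sizeof cookie);            /* constructed 1000-byte cookie */
    printf("truncated: %d\n", format_fixed(cookie, sizeof cookie, buf, sizeof buf));
}
```

A 1000-byte cookie becomes 1336 base64 characters, so the fixed buffer cuts the line short and drops the newline; comparing the `snprintf` return value against the buffer size is what detects this.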