When dissecting LDAP, the assumption was made that the maximum LDAP PDU size will be 65535. Anything bigger than this was considered not to be LDAP. However, LDAP can have PDU sizes bigger than this - a CRL can easily grow to be bigger than this, for example.

This patch makes the the maximum valid LDAP PDU size a preference. The default value for this new preference is 65535 for backwards compatibility.


svn path=/trunk/; revision=19288

1 files changed, 8 insertions, 2 deletions

diff --git a/asn1/ldap/packet-ldap-template.c b/asn1/ldap/packet-ldap-template.c
index 0ace0ae43c..456fa0aebc 100644
--- a/asn1/ldap/packet-ldap-template.c
+++ b/asn1/ldap/packet-ldap-template.c
@@ -160,6 +160,8 @@ static dissector_table_t ldap_name_dissector_table=NULL;
 /* desegmentation of LDAP */
 static gboolean ldap_desegment = TRUE;
 static guint    ldap_tcp_port = 389;
+static guint    ldap_max_pdu_size = 65535;
+
 static gboolean do_protocolop = FALSE;
 static gchar    *attr_type = NULL;
 static gboolean is_binary_attr_type = FALSE;
@@ -1328,7 +1330,7 @@ dissect_ldap_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 	 */
 	sasl_len=tvb_get_ntohl(tvb, 0);
  
-	if( (sasl_len>65535) 
+	if( (sasl_len>ldap_max_pdu_size) 
 	||  (sasl_len<2) ){
 		goto this_was_not_sasl;
 	}
@@ -1363,7 +1365,7 @@ this_was_not_sasl:
 	offset=get_ber_length(NULL, tvb, 1, &ldap_len, &ind);
 
 	/* dont check ind since indefinite length is never used for ldap (famous last words)*/
-	if(ldap_len<2 || ldap_len>65535){
+	if(ldap_len<2 || ldap_len>ldap_max_pdu_size){
 		goto this_was_not_normal_ldap;
 	}
 
@@ -1626,6 +1628,10 @@ void proto_register_ldap(void) {
 				 "Set the port for LDAP operations",
 				 10, &ldap_tcp_port);
 
+  prefs_register_uint_preference(ldap_module, "max_pdu", "LDAP Maximum PDU Size",
+				 "The maximum LDAP PDU size. PDUs larger than this will be considered invalid.",
+				 10, &ldap_max_pdu_size);
+
   proto_cldap = proto_register_protocol(
 	  "Connectionless Lightweight Directory Access Protocol",
 	  "CLDAP", "cldap");