diff options
Diffstat (limited to 'asn1')
-rw-r--r-- | asn1/ldap/packet-ldap-template.c | 5 | ||||
-rw-r--r-- | asn1/ldap/packet-ldap-template.h | 2 |
2 files changed, 5 insertions, 2 deletions
diff --git a/asn1/ldap/packet-ldap-template.c b/asn1/ldap/packet-ldap-template.c index b3536f03a1..2bd70b7e3c 100644 --- a/asn1/ldap/packet-ldap-template.c +++ b/asn1/ldap/packet-ldap-template.c @@ -1383,10 +1383,11 @@ dissect_ldap_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) */ /* check for a SASL header, i.e. assume it is SASL if * 1, first four bytes (SASL length) is an integer - * with a value that must be <64k and >2 + * with a value that must be <LDAP_SASL_MAX_BUF and >2 * (>2 to fight false positives, 0x00000000 is a common * "random" tcp payload) - * (no SASL ldap PDUs are ever going to be >64k in size?) + * (SASL ldap PDUs might be >64k in size, which is why + * LDAP_SASL_MAX_BUF is used - defined in packet-ldap.h) * * 2, we must have a conversation and the auth type must * be LDAP_AUTH_SASL diff --git a/asn1/ldap/packet-ldap-template.h b/asn1/ldap/packet-ldap-template.h index 75850cfbe9..a181b90891 100644 --- a/asn1/ldap/packet-ldap-template.h +++ b/asn1/ldap/packet-ldap-template.h @@ -79,6 +79,8 @@ #define LDAP_MOD_DELETE 1 #define LDAP_MOD_REPLACE 2 +#define LDAP_SASL_MAX_BUF 4*64*1024 + typedef struct ldap_call_response { gboolean is_request; guint32 req_frame; |