From 3001ad5169efabbc3e35d177047c714434ba5166 Mon Sep 17 00:00:00 2001
From: Graeme Lunt
Date: Fri, 22 Sep 2006 15:19:32 +0000
Subject: When dissecting LDAP, the assumption was made that the maximum LDAP PDU size will be 65535. Anything bigger than this was considered not to be LDAP. However, LDAP can have PDU sizes bigger than this - a CRL can easily grow to be bigger than this, for example. This patch makes the the maximum valid LDAP PDU size a preference. The default value for this new preference is 65535 for backwards compatibility. svn path=/trunk/; revision=19288
---
 asn1/ldap/packet-ldap-template.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
(limited to 'asn1')
diff --git a/asn1/ldap/packet-ldap-template.c b/asn1/ldap/packet-ldap-template.c
index 0ace0ae43c..456fa0aebc 100644
--- a/asn1/ldap/packet-ldap-template.c
+++ b/asn1/ldap/packet-ldap-template.c
@@ -160,6 +160,8 @@ static dissector_table_t ldap_name_dissector_table=NULL;
 /* desegmentation of LDAP */
 static gboolean ldap_desegment = TRUE;
 static guint ldap_tcp_port = 389;
+static guint ldap_max_pdu_size = 65535;
+
 static gboolean do_protocolop = FALSE;
 static gchar *attr_type = NULL;
 static gboolean is_binary_attr_type = FALSE;
@@ -1328,7 +1330,7 @@ dissect_ldap_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 */
 sasl_len=tvb_get_ntohl(tvb, 0);
- if( (sasl_len>65535)
+ if( (sasl_len>ldap_max_pdu_size)
 || (sasl_len<2) ){
 goto this_was_not_sasl;
 }
@@ -1363,7 +1365,7 @@ this_was_not_sasl:
 offset=get_ber_length(NULL, tvb, 1, &ldap_len, &ind);
 /* dont check ind since indefinite length is never used for ldap (famous last words)*/
- if(ldap_len<2 || ldap_len>65535){
+ if(ldap_len<2 || ldap_len>ldap_max_pdu_size){
 goto this_was_not_normal_ldap;
 }
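Review bot: In the `-1328` hunk the only ceiling left on `sasl_len`, a 32-bit value taken straight from the packet by `tvb_get_ntohl(tvb, 0)`, is the user preference, and that preference has no maximum of its own; the `-1363` hunk does the same for `ldap_len`. With the preference set near the top of the guint range the heuristic accepts almost any four leading bytes as a plausible length, so whatever consumes these lengths has to be safe for values up to 2^32-1. That consuming code is outside both hunks, so any length-plus-header arithmetic or reassembly sizing there should be checked for wrap-around; I cannot confirm it from the lines shown. I would add a comment above each check such as `/* ldap_max_pdu_size is user-set and unbounded; this length is packet-supplied and accepted up to that value */`, and consider keeping a fixed hard ceiling in addition to the preference.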
@@ -1626,6 +1628,10 @@ void proto_register_ldap(void) {
 "Set the port for LDAP operations", 10, &ldap_tcp_port);
+ prefs_register_uint_preference(ldap_module, "max_pdu", "LDAP Maximum PDU Size",
+ "The maximum LDAP PDU size. PDUs larger than this will be considered invalid.",
+ 10, &ldap_max_pdu_size);
+
 proto_cldap = proto_register_protocol( "Connectionless Lightweight Directory Access Protocol", "CLDAP", "cldap");
--
cgit v1.2.3
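Review bot: Nothing in this change rejects a `max_pdu` value below 2, and `prefs_register_uint_preference` takes no range; with the preference at 0 or 1 the condition `ldap_len<2 || ldap_len>ldap_max_pdu_size` from the earlier hunk is true for every length, so every TCP segment takes the `this_was_not_normal_ldap` path and the SASL check fails the same way. The description string also omits the unit and the default. I would reword it to something like `"The maximum LDAP PDU size in bytes (default 65535). PDUs larger than this will be considered invalid."` and fall back to the default where a value below 2 is read. proto_register_ldap's body starts and ends outside the hunk.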