svn commit: samba r24796 - in branches/SAMBA_4_0/source/utils: .

kai at samba.org kai at samba.org
Thu Aug 30 09:02:42 GMT 2007


Author: kai
Date: 2007-08-30 09:02:40 +0000 (Thu, 30 Aug 2007)
New Revision: 24796

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24796

Log:
Add bounds checking to ntlm_auth, increase initial buffer size to 300 to avoid
one talloc/fgets loop in the common case, which is slightly over 200 for the KK
response.

Modified:
   branches/SAMBA_4_0/source/utils/ntlm_auth.c


Changeset:
Modified: branches/SAMBA_4_0/source/utils/ntlm_auth.c
===================================================================
--- branches/SAMBA_4_0/source/utils/ntlm_auth.c	2007-08-30 06:45:11 UTC (rev 24795)
+++ branches/SAMBA_4_0/source/utils/ntlm_auth.c	2007-08-30 09:02:40 UTC (rev 24796)
@@ -38,7 +38,8 @@
 #include "lib/messaging/irpc.h"
 #include "auth/ntlmssp/ntlmssp.h"
 
-#define INITIAL_BUFFER_SIZE 200
+#define INITIAL_BUFFER_SIZE 300
+#define MAX_BUFFER_SIZE 63000
 
 enum stdio_helper_mode {
 	SQUID_2_4_BASIC,
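Review bot: `MAX_BUFFER_SIZE` is added without a comment saying what it bounds or where 63000 comes from, so a later maintainer cannot tell whether the value is tied to a protocol limit or is arbitrary. A comment above the define such as `/* Largest request line accepted on stdin; longer input is answered with ERR */` would record the intent. The check in the read loop counts in `INITIAL_BUFFER_SIZE` steps and runs after the append, so the buffer can grow about one chunk past this value before the request is rejected; the comment should say that the limit is approximate.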
@@ -871,7 +872,7 @@
 	char *buf;
 	char tmp[INITIAL_BUFFER_SIZE+1];
 	unsigned int mux_id = 0;
-	int length;
+	int length, buf_size = 0;
 	char *c;
 	struct mux_private {
 		unsigned int max_mux;
@@ -907,6 +908,15 @@
 		}
 
 		buf = talloc_append_string(buf, buf, tmp);
+		buf_size += INITIAL_BUFFER_SIZE;
+
+		if (buf_size > MAX_BUFFER_SIZE) {
+			DEBUG(0, ("Invalid Request (too large)\n"));
+			x_fprintf(x_stdout, "ERR\n");
+			talloc_free(buf);
+			return;
+		}
+
 		c = strchr(buf, '\n');
 	} while (c == NULL);
 
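Review bot: The too-large branch prints `ERR` and returns without consuming the rest of the oversized line, so everything up to the next newline is still queued on the input stream. If the caller invokes this function once per request in a loop (the caller is outside the hunk), that leftover tail would be parsed as a new request and the helper and its client would be out of sync from then on. Before `talloc_free(buf); return;` the branch should keep reading and discarding chunks with the loop's own read call until one contains `'\n'` or input ends. Separately, the result of `talloc_append_string` goes to `strchr` unchecked, so an `if (buf == NULL)` guard ahead of the size check would cover an allocation failure on a long request. The function body starts and ends outside this hunk.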


