rpms / 389-ds-base

Clone
Source Code
GIT

Blame SOURCES/0035-Ticket-49377-Incoming-BER-too-large-with-TLS-on-plai.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-armhfp c7-beta c8-beta-stream-1.4 c8-stream-1.4 c8s-stream-1.4 c8s-stream-ds c9 c9-beta
  1.   058656d9333ed0f618a2dd0618e12186c146f5fb
  2.   SOURCES
  3.   0035-Ticket-49377-Incoming-BER-too-large-with-TLS-on-plai.patch
Blob History Raw
058656 
From 40811ab7571ddf0a6905b3b019229bdb555bd04d Mon Sep 17 00:00:00 2001
058656 
From: William Brown <firstyear@redhat.com>
058656 
Date: Tue, 7 Nov 2017 12:42:11 +1000
058656 
Subject: [PATCH] Ticket 49377 - Incoming BER too large with TLS on plain port
058656
058656 
Bug Description:  When doing TLS to a plain port, a message of
058656 
"ber element 3 bytes too large for max ber" when max ber > 3.
058656
058656 
Fix Description:  When ber_len < maxber, report that the request
058656 
may be misformed instead of "oversize" instead. This can lead
058656 
to a better diagnosis.
058656
058656 
https://pagure.io/389-ds-base/issue/49377
058656
058656 
Author: wibrown
058656
058656 
Review by: mreynolds (thanks!)
058656
058656 
Cherry picked from commit b3629af054760d9421a41d63b8b8ed513bb6944d
058656 
---
058656 
 ldap/servers/slapd/connection.c | 7 +++++++
058656 
 1 file changed, 7 insertions(+)
058656
058656 
diff --git a/ldap/servers/slapd/connection.c b/ldap/servers/slapd/connection.c
058656 
index 3f19b9765..8ef115691 100644
058656 
--- a/ldap/servers/slapd/connection.c
058656 
+++ b/ldap/servers/slapd/connection.c
058656 
@@ -2176,6 +2176,13 @@ log_ber_too_big_error(const Connection *conn, ber_len_t ber_len, ber_len_t maxbe
058656 
                       " is %" BERLEN_T " bytes. Change the nsslapd-maxbersize attribute in"
058656 
                       " cn=config to increase.\n",
058656 
                       conn->c_connid, conn->c_sd, maxbersize);
058656 
+    } else if (ber_len < maxbersize) {
058656 
+        /* This means the request was misformed, not too large. */
058656 
+        slapi_log_err(SLAPI_LOG_ERR, "log_ber_too_big_error",
058656 
+                      "conn=%" PRIu64 " fd=%d Incoming BER Element may be misformed. "
058656 
+                      "This may indicate an attempt to use TLS on a plaintext port, "
058656 
+                      "IE ldaps://localhost:389. Check your client LDAP_URI settings.\n",
058656 
+                      conn->c_connid, conn->c_sd);
058656 
     } else {
058656 
         slapi_log_err(SLAPI_LOG_ERR, "log_ber_too_big_error",
058656 
                       "conn=%" PRIu64 " fd=%d Incoming BER Element was %" BERLEN_T " bytes, max allowable"
058656 
--
058656 
2.13.6
058656

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation