oysteikt/heimdal
oysteikt/heimdal
0
0
Fork 0
Code Issues5 Pull Requests Releases Activity

kcm,kdc/config.c: detect too big max_request sizes (>= 64 MB)

Browse Source
This commit is contained in:
Robert Manner 2023-01-11 16:02:23 +01:00 committed by Nico Williams
parent 65e5b0ab79
commit 56d97563f0
2 changed files with 27 additions and 6 deletions

15
kcm/config.c

@ -36,6 +36,8 @@
#include <getarg.h> #include <getarg.h>
#include <parse_bytes.h> #include <parse_bytes.h>
#define MAX_REQUEST_MAX 67108864ll /* 64MB, the maximum accepted value of max_request */
static const char *config_file; /* location of kcm config file */ static const char *config_file; /* location of kcm config file */
size_t max_request = 0; /* maximal size of a request */ size_t max_request = 0; /* maximal size of a request */
@ -360,13 +362,16 @@ kcm_configure(int argc, char **argv)
} }
if (max_request_str) { if (max_request_str) {
ssize_t bytes; int64_t bytes;
if ((bytes = parse_bytes(max_request_str, NULL)) < 0) if ((bytes = parse_bytes(max_request_str, NULL)) < 0)
krb5_errx(kcm_context, 1, krb5_errx(kcm_context, 1,
"--max-request size must be non-negative"); "--max-request size must be non-negative");
if (bytes > MAX_REQUEST_MAX)
krb5_errx(kcm_context, 1, "--max-request size is too big "
"(must be smaller than %lld)", MAX_REQUEST_MAX);
max_request = bytes; max_request = bytes;
} }
if(max_request == 0){ if(max_request == 0){
@ -376,11 +381,15 @@ kcm_configure(int argc, char **argv)
"max-request", "max-request",
NULL); NULL);
if (p) { if (p) {
ssize_t bytes; int64_t bytes;
if ((bytes = parse_bytes(max_request_str, NULL)) < 0) if ((bytes = parse_bytes(max_request_str, NULL)) < 0)
krb5_errx(kcm_context, 1, krb5_errx(kcm_context, 1,
"[kcm] max-request size must be non-negative"); "[kcm] max-request size must be non-negative");
if (bytes > MAX_REQUEST_MAX)
krb5_errx(kcm_context, 1, "[kcm] max-request size is too big "
"(must be smaller than %lld)", MAX_REQUEST_MAX);
max_request = bytes; max_request = bytes;
} }
} }

18
kdc/config.c

@ -37,6 +37,8 @@
#include <getarg.h> #include <getarg.h>
#include <parse_bytes.h> #include <parse_bytes.h>
#define MAX_REQUEST_MAX 67108864ll /* 64MB, the maximum accepted value of max_request */
struct dbinfo { struct dbinfo {
char *realm; char *realm;
char *dbname; char *dbname;
@ -222,11 +224,16 @@ configure(krb5_context context, int argc, char **argv, int *optidx)
krb5_err(context, 1, ret, "krb5_kdc_set_dbinfo"); krb5_err(context, 1, ret, "krb5_kdc_set_dbinfo");
if (max_request_str) { if (max_request_str) {
ssize_t bytes; int64_t bytes;
if ((bytes = parse_bytes(max_request_str, NULL)) < 0) if ((bytes = parse_bytes(max_request_str, NULL)) < 0)
krb5_errx(context, 1, "--max-request must be non-negative"); krb5_errx(context, 1, "--max-request must be non-negative");
max_request_tcp = max_request_udp = bytes;
if (bytes > MAX_REQUEST_MAX)
krb5_errx(context, 1, "--max-request size is too big "
"(must be smaller than %lld)", MAX_REQUEST_MAX);
max_request_tcp = max_request_udp = bytes;
} }
if(max_request_tcp == 0){ if(max_request_tcp == 0){
@ -236,10 +243,15 @@ configure(krb5_context context, int argc, char **argv, int *optidx)
"max-request", "max-request",
NULL); NULL);
if (p) { if (p) {
ssize_t bytes; int64_t bytes;
if ((bytes = parse_bytes(max_request_str, NULL)) < 0) if ((bytes = parse_bytes(max_request_str, NULL)) < 0)
krb5_errx(context, 1, "[kdc] max-request must be non-negative"); krb5_errx(context, 1, "[kdc] max-request must be non-negative");
if (bytes > MAX_REQUEST_MAX)
krb5_errx(context, 1, "[kdc] max-request size is too big "
"(must be smaller than %lld)", MAX_REQUEST_MAX);
max_request_tcp = max_request_udp = bytes; max_request_tcp = max_request_udp = bytes;
} }
} }