From 40811ab7571ddf0a6905b3b019229bdb555bd04d Mon Sep 17 00:00:00 2001
From: William Brown <firstyear@redhat.com>
Date: Tue, 7 Nov 2017 12:42:11 +1000
Subject: [PATCH] Ticket 49377 - Incoming BER too large with TLS on plain port
Bug Description: When doing TLS to a plain port, a message of
"ber element 3 bytes too large for max ber" when max ber > 3.
Fix Description: When ber_len < maxber, report that the request
may be misformed instead of "oversize". This can lead
to a better diagnosis.
https://pagure.io/389-ds-base/issue/49377
Author: wibrown
Review by: mreynolds (thanks!)
Cherry picked from commit b3629af054760d9421a41d63b8b8ed513bb6944d
---
ldap/servers/slapd/connection.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/ldap/servers/slapd/connection.c b/ldap/servers/slapd/connection.c
index 3f19b9765..8ef115691 100644
--- a/ldap/servers/slapd/connection.c
+++ b/ldap/servers/slapd/connection.c
@@ -2176,6 +2176,13 @@ log_ber_too_big_error(const Connection *conn, ber_len_t ber_len, ber_len_t maxbe
" is %" BERLEN_T " bytes. Change the nsslapd-maxbersize attribute in"
" cn=config to increase.\n",
conn->c_connid, conn->c_sd, maxbersize);
+ } else if (ber_len < maxbersize) {
+ /* This means the request was misformed, not too large. */
+ slapi_log_err(SLAPI_LOG_ERR, "log_ber_too_big_error",
+ "conn=%" PRIu64 " fd=%d Incoming BER Element may be misformed. "
+ "This may indicate an attempt to use TLS on a plaintext port, "
+ "IE ldaps://localhost:389. Check your client LDAP_URI settings.\n",
+ conn->c_connid, conn->c_sd);
} else {
slapi_log_err(SLAPI_LOG_ERR, "log_ber_too_big_error",
"conn=%" PRIu64 " fd=%d Incoming BER Element was %" BERLEN_T " bytes, max allowable"
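Review bot: The new `else if (ber_len < maxbersize)` branch logs without the parsed length, so the one value that tells an operator what actually arrived is lost; the 3-byte case quoted in the commit message could not be recognised from this line alone. I would keep it in the message, e.g. `"conn=%" PRIu64 " fd=%d Incoming BER Element may be misformed (parsed length %" BERLEN_T " bytes). "` with arguments `conn->c_connid, conn->c_sd, ber_len`. Separately, `ber_len == maxbersize` still falls through to the final `else` and is reported as exceeding the limit; if the caller rejects only lengths above the limit, `<=` would be the consistent comparison. The first `if` of log_ber_too_big_error and its call site are outside this hunk, so both points should be checked against them. Because this SLAPI_LOG_ERR line appears to be reachable by any peer that sends a malformed first element, it is also worth confirming that repeated hits cannot flood the error log.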
--
2.13.6