This is an automated email from the git hooks/post-receive script.
firstyear pushed a commit to branch master in repository 389-ds-base.
commit b3629af054760d9421a41d63b8b8ed513bb6944d
Author: William Brown firstyear@redhat.com
Date: Tue Nov 7 12:42:11 2017 +1000
Ticket 49377 - Incoming BER too large with TLS on plain port
Bug Description: When doing TLS to a plain port, a message of "ber element 3 bytes too large for max ber" is logged when max ber > 3.
Fix Description: When ber_len < maxber, report that the request may be misformed instead of "oversize". This can lead to a better diagnosis.
https://pagure.io/389-ds-base/issue/49377
Author: wibrown
Review by: mreynolds (thanks!)
---
 ldap/servers/slapd/connection.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/ldap/servers/slapd/connection.c b/ldap/servers/slapd/connection.c index 24a7a1c..0128986 100644 --- a/ldap/servers/slapd/connection.c +++ b/ldap/servers/slapd/connection.c @@ -2177,6 +2177,13 @@ log_ber_too_big_error(const Connection *conn, ber_len_t ber_len, ber_len_t maxbe " is %" BERLEN_T " bytes. Change the nsslapd-maxbersize attribute in" " cn=config to increase.\n", conn->c_connid, conn->c_sd, maxbersize); + } else if (ber_len < maxbersize) { + /* This means the request was misformed, not too large. */ + slapi_log_err(SLAPI_LOG_ERR, "log_ber_too_big_error", + "conn=%" PRIu64 " fd=%d Incoming BER Element may be misformed. " + "This may indicate an attempt to use TLS on a plaintext port, " + "IE ldaps://localhost:389. Check your client LDAP_URI settings.\n", + conn->c_connid, conn->c_sd); } else { slapi_log_err(SLAPI_LOG_ERR, "log_ber_too_big_error", "conn=%" PRIu64 " fd=%d Incoming BER Element was %" BERLEN_T " bytes, max allowable"
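Review bot: The new "else if (ber_len < maxbersize)" branch in log_ber_too_big_error() logs only conn->c_connid and conn->c_sd and drops ber_len, which is the one value that lets an operator confirm this case from the log (the commit message cites a 3-byte element). Consider adding "%" BERLEN_T " bytes" to the format string and passing ber_len. The comparison is strict, so ber_len == maxbersize falls through to the final else and would be reported as "Incoming BER Element was N bytes, max allowable" with the same N on both sides; confirm that is intended, or use <= if equality belongs with the misformed case. Wording nits in the message text: "IE" reads better as "e.g.", and "misformed" as "malformed". The function name now covers a condition that is not about size, so a short comment at the top of the function noting that would help the next reader.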