This is an automated email from the git hooks/post-receive script.
firstyear pushed a change to branch master in repository 389-ds-base.
from b4497c4 Ticket 49441 - Import crashes with large indexed binary attributes
new b3629af Ticket 49377 - Incoming BER too large with TLS on plain port
The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference.
Summary of changes:
 ldap/servers/slapd/connection.c | 7 +++++++
 1 file changed, 7 insertions(+)
firstyear pushed a commit to branch master in repository 389-ds-base.
commit b3629af054760d9421a41d63b8b8ed513bb6944d
Author: William Brown <firstyear@redhat.com>
Date: Tue Nov 7 12:42:11 2017 +1000
Ticket 49377 - Incoming BER too large with TLS on plain port
Bug Description: When doing TLS to a plain port, a message of "ber element 3 bytes too large for max ber" is logged when max ber > 3.
Fix Description: When ber_len < maxber, report that the request may be misformed instead of "oversize". This can lead to a better diagnosis.
https://pagure.io/389-ds-base/issue/49377
Author: wibrown
Review by: mreynolds (thanks!)
---
 ldap/servers/slapd/connection.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/ldap/servers/slapd/connection.c b/ldap/servers/slapd/connection.c index 24a7a1c..0128986 100644 --- a/ldap/servers/slapd/connection.c +++ b/ldap/servers/slapd/connection.c @@ -2177,6 +2177,13 @@ log_ber_too_big_error(const Connection *conn, ber_len_t ber_len, ber_len_t maxbe " is %" BERLEN_T " bytes. Change the nsslapd-maxbersize attribute in" " cn=config to increase.\n", conn->c_connid, conn->c_sd, maxbersize); + } else if (ber_len < maxbersize) { + /* This means the request was misformed, not too large. */ + slapi_log_err(SLAPI_LOG_ERR, "log_ber_too_big_error", + "conn=%" PRIu64 " fd=%d Incoming BER Element may be misformed. " + "This may indicate an attempt to use TLS on a plaintext port, " + "IE ldaps://localhost:389. Check your client LDAP_URI settings.\n", + conn->c_connid, conn->c_sd); } else { slapi_log_err(SLAPI_LOG_ERR, "log_ber_too_big_error", "conn=%" PRIu64 " fd=%d Incoming BER Element was %" BERLEN_T " bytes, max allowable"
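Review bot: in the new else-if branch for ber_len < maxbersize, the log line carries neither ber_len nor maxbersize, so whoever reads the error log cannot see which values produced the "may be misformed" verdict; consider appending both with the BERLEN_T format the neighbouring branches use. The test is strict, so ber_len == maxbersize still falls into the final else and is reported as "Incoming BER Element was ... bytes, max allowable"; worth confirming that is intended. In the message text, "IE" reads better as "e.g." since ldaps://localhost:389 is one example of the misconfiguration, and "misformed" as "malformed".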
389-commits@lists.fedoraproject.org
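Why a TLS client on the plaintext port yields a small, bogus BER length, as an added C example (not 389-ds-base code): a TLS handshake record begins 0x16 0x03, which a BER reader takes as tag 0x16 with short-form length 3, consistent with the 3-byte figure in the bug description (an inference, not something the commit states). The function names, the enum and the byte arrays are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample inputs (not captured traffic). */
static const unsigned char tls_hello[] = {0x16, 0x03, 0x01, 0x02, 0x00, 0x01};
static const unsigned char ldap_bind[] = {0x30, 0x0c, 0x02, 0x01, 0x01, 0x60, 0x07,
                                          0x02, 0x01, 0x03, 0x04, 0x00, 0x80, 0x00};

enum first_bytes { FB_UNKNOWN, FB_LDAP, FB_TLS };

/* Read a one-byte BER tag and a definite length (short or long form).
 * Returns 0 on success, -1 if the buffer is too short or the form is unsupported. */
int ber_peek(const unsigned char *b, size_t n, unsigned char *tag, unsigned long *len)
{
    if (n < 2) return -1;
    *tag = b[0];
    if (!(b[1] & 0x80)) { *len = b[1]; return 0; }    /* short form */
    size_t k = b[1] & 0x7f;                           /* long form: k length octets */
    if (k == 0 || k > sizeof(*len) || n < 2 + k) return -1;
    *len = 0;
    for (size_t i = 0; i < k; i++) *len = (*len << 8) | b[2 + i];
    return 0;
}

/* Guess what the peer is speaking from its first bytes:
 * TLS record = content type 0x16 (handshake), version major 0x03;
 * LDAPMessage = BER SEQUENCE, tag 0x30. */
enum first_bytes classify(const unsigned char *b, size_t n)
{
    if (n >= 3 && b[0] == 0x16 && b[1] == 0x03 && b[2] <= 0x04) return FB_TLS;
    if (n >= 1 && b[0] == 0x30) return FB_LDAP;
    return FB_UNKNOWN;
}

int main(void)
{
    unsigned char tag;
    unsigned long len;
    if (ber_peek(tls_hello, sizeof tls_hello, &tag, &len) == 0)
        printf("TLS bytes as BER:  tag=0x%02x len=%lu class=%d\n",
               tag, len, (int)classify(tls_hello, sizeof tls_hello));
    if (ber_peek(ldap_bind, sizeof ldap_bind, &tag, &len) == 0)
        printf("LDAP bind as BER:  tag=0x%02x len=%lu class=%d\n",
               tag, len, (int)classify(ldap_bind, sizeof ldap_bind));
    return 0;
}
```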