ldap: Use timeout value for synchronous calls

So far, the timeout value was only used as connect timeout while a
malicious server could accept the connection and then starve us. So use
the timeout for LDAP_OPT_TIMEOUT, too, which affects all synchronous
calls.  In particular, ldap_simple_bind_s(), which has no timeout
argument like ldap_search_st().

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>

diff --git a/src/libstrongswan/plugins/ldap/ldap_fetcher.c b/src/libstrongswan/plugins/ldap/ldap_fetcher.c
index fda86438ed2a363c45353286b37689d558544fbd..74f73e56b24e78e164c0d09e0bd655d3131ad129 100644 (file)
--- a/src/libstrongswan/plugins/ldap/ldap_fetcher.c
+++ b/src/libstrongswan/plugins/ldap/ldap_fetcher.c
@@ -133,6 +133,7 @@ METHOD(fetcher_t, fetch, status_t,
 
        ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &ldap_version);
        ldap_set_option(ldap, LDAP_OPT_NETWORK_TIMEOUT, &timeout);
+       ldap_set_option(ldap, LDAP_OPT_TIMEOUT, &timeout);
 
        DBG2(DBG_LIB, "sending LDAP request to '%s'...", url);