From: Thomas Egerer Date: Mon, 15 Jul 2019 16:32:38 +0000 (+0200) Subject: ldap: Use timeout value for synchronous calls X-Git-Tag: 6.0.2dr1~54 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=af9095fdd99065851e4d76209d2d7a087a3e985c;p=thirdparty%2Fstrongswan.git ldap: Use timeout value for synchronous calls So far, the timeout value was only used as connect timeout while a malicious server could accept the connection and then starve us. So use the timeout for LDAP_OPT_TIMEOUT, too, which affects all synchronous calls. In particular, ldap_simple_bind_s(), which has no timeout argument like ldap_search_st(). Signed-off-by: Thomas Egerer --- diff --git a/src/libstrongswan/plugins/ldap/ldap_fetcher.c b/src/libstrongswan/plugins/ldap/ldap_fetcher.c index fda86438ed..74f73e56b2 100644 --- a/src/libstrongswan/plugins/ldap/ldap_fetcher.c +++ b/src/libstrongswan/plugins/ldap/ldap_fetcher.c @@ -133,6 +133,7 @@ METHOD(fetcher_t, fetch, status_t, ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &ldap_version); ldap_set_option(ldap, LDAP_OPT_NETWORK_TIMEOUT, &timeout); + ldap_set_option(ldap, LDAP_OPT_TIMEOUT, &timeout); DBG2(DBG_LIB, "sending LDAP request to '%s'...", url);