From af9095fdd99065851e4d76209d2d7a087a3e985c Mon Sep 17 00:00:00 2001
From: Thomas Egerer
Date: Mon, 15 Jul 2019 18:32:38 +0200
Subject: [PATCH] ldap: Use timeout value for synchronous calls
So far, the timeout value was only used as connect timeout while a malicious server could accept the connection and then starve us. So use the timeout for LDAP_OPT_TIMEOUT, too, which affects all synchronous calls. In particular, ldap_simple_bind_s(), which has no timeout argument like ldap_search_st().
Signed-off-by: Thomas Egerer
---
 src/libstrongswan/plugins/ldap/ldap_fetcher.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/libstrongswan/plugins/ldap/ldap_fetcher.c b/src/libstrongswan/plugins/ldap/ldap_fetcher.c
index fda86438ed..74f73e56b2 100644
--- a/src/libstrongswan/plugins/ldap/ldap_fetcher.c
+++ b/src/libstrongswan/plugins/ldap/ldap_fetcher.c
@@ -133,6 +133,7 @@ METHOD(fetcher_t, fetch, status_t,
 ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &ldap_version);
 ldap_set_option(ldap, LDAP_OPT_NETWORK_TIMEOUT, &timeout);
+ ldap_set_option(ldap, LDAP_OPT_TIMEOUT, &timeout);
 DBG2(DBG_LIB, "sending LDAP request to '%s'...", url);
--
2.47.2
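Review bot: The return value of the added `ldap_set_option(ldap, LDAP_OPT_TIMEOUT, &timeout)` call is ignored, so if the library rejects the option the synchronous bind silently keeps waiting without a limit, which is the stall this commit is meant to prevent. Consider checking it, e.g. `if (ldap_set_option(ldap, LDAP_OPT_TIMEOUT, &timeout) != LDAP_OPT_SUCCESS)` followed by `DBG1(DBG_LIB, "setting LDAP timeout failed");`, so an unbounded fetch is at least visible in the log; the two neighbouring `ldap_set_option()` calls have the same gap. A comment such as `/* bounds each synchronous call (e.g. ldap_simple_bind_s()), not the fetch as a whole */` would also help, since the limit presumably applies per call and the worst-case fetch time can then be a multiple of the configured timeout. The body of `fetch` starts and ends outside this hunk, so how `timeout` is declared and filled in cannot be confirmed here.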