Protect against too many extensions in LDAP URI

diff --git a/src/lib/ldap/util.c b/src/lib/ldap/util.c
index ec892ca8e6f3e1a4c1dc24b4372df01427244563..15a5ca2a3c6fe2049bff450343ce6bd7e49387ed 100644 (file)
--- a/src/lib/ldap/util.c
+++ b/src/lib/ldap/util.c
@@ -323,6 +323,11 @@ int fr_ldap_parse_url_extensions(LDAPControl **sss, size_t sss_len, char *extens
                fr_sbuff_t      sbuff = FR_SBUFF_IN(extensions[i], strlen(extensions[i]));
                bool            is_critical = false;
 
+               if (sss_p == sss_end) {
+                       fr_strerror_printf("Too many extensions.  Maximum is %ld", sss_len);
+                       goto error;
+               }
+
                if (fr_sbuff_next_if_char(&sbuff, '!')) is_critical = true;
 
                /*