From: Nick Porter <nick@portercomputing.co.uk>
Date: Mon, 10 Feb 2025 15:20:30 +0000 (+0000)
Subject: Protect against too many extensions in LDAP URI
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6d5a39cc58e9979e38c1dfeef02e6d412e47a8c0;p=thirdparty%2Ffreeradius-server.git

Protect against too many extensions in LDAP URI
---

diff --git a/src/lib/ldap/util.c b/src/lib/ldap/util.c
index ec892ca8e6f..15a5ca2a3c6 100644
--- a/src/lib/ldap/util.c
+++ b/src/lib/ldap/util.c
@@ -323,6 +323,11 @@ int fr_ldap_parse_url_extensions(LDAPControl **sss, size_t sss_len, char *extens
 		fr_sbuff_t	sbuff = FR_SBUFF_IN(extensions[i], strlen(extensions[i]));
 		bool		is_critical = false;
 
+		if (sss_p == sss_end) {
+			fr_strerror_printf("Too many extensions.  Maximum is %ld", sss_len);
+			goto error;
+		}
+
 		if (fr_sbuff_next_if_char(&sbuff, '!')) is_critical = true;
 
 		/*