From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 14 May 2019 00:08:03 +0000 (+1200)
Subject: ldap_server: chunk the writev() calls at 25MB
X-Git-Tag: ldb-2.0.5~752
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8dfad9fa2cc5f9ae464a6df44c7ae0448cc4f3ab;p=thirdparty%2Fsamba.git

ldap_server: chunk the writev() calls at 25MB

This should limit the amount we send to GENSEC at a
time where it may help avoid large realloc or memcpy calls.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
---

diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index 53e9af94888..4d3d8cd1188 100644
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -683,9 +683,16 @@ static void ldapsrv_call_writev_start(struct ldapsrv_call *call)
 	for (reply = call->replies;
 	     reply != NULL;
 	     reply = reply->next) {
+
+		/* Cap output at 25MB per writev() */
+		if (length > length + reply->blob.length
+		    || length + reply->blob.length > LDAP_SERVER_MAX_CHUNK_SIZE) {
+			break;
+		}
+
 		/*
 		 * Overflow is harmless here, just used below to
-		 * decide if to read or write
+		 * decide if to read or write, but checkd above anyway
 		 */
 		length += reply->blob.length;
 
diff --git a/source4/ldap_server/ldap_server.h b/source4/ldap_server/ldap_server.h
index 48634e7610c..bee6ce7d5be 100644
--- a/source4/ldap_server/ldap_server.h
+++ b/source4/ldap_server/ldap_server.h
@@ -100,6 +100,11 @@ struct ldapsrv_call {
  */
 #define LDAP_SERVER_MAX_REPLY_SIZE ((size_t)(256 * 1024 * 1024))
 
+/*
+ * Start writing to the network before we hit this size
+ */
+#define LDAP_SERVER_MAX_CHUNK_SIZE ((size_t)(25 * 1024 * 1024))
+
 struct ldapsrv_service {
 	struct tstream_tls_params *tls_params;
 	struct task_server *task;