From f91be14bfb79021e3b9ba769955c1f2c4351e9bf Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 16 Oct 2025 21:47:42 +0200 Subject: [PATCH] openldap: limit max incoming size Set the maximum allowed size of an incoming LDAP message, which to OpenLDAP means that it allows malloc() up to this size. If not set, there is no limit and we instead risk a malloc() failure. The limit is arbitrarily set to 256K as I can't figure out what a reasonable value should be. OpenLDAP docs: https://openldap.org/software/man.cgi?query=lber-sockbuf&apropos=0&sektion=0&manpath=OpenLDAP+2.6-Release&arch=default&format=html Bug: https://issues.oss-fuzz.com/issues/432441303 Closes #19087 --- lib/openldap.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/lib/openldap.c b/lib/openldap.c index b8afe99529..1b26b6e1b4 100644 --- a/lib/openldap.c +++ b/lib/openldap.c @@ -659,6 +659,19 @@ static CURLcode oldap_connect(struct Curl_easy *data, bool *done) /* Do not chase referrals. */ ldap_set_option(li->ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF); + { + ber_len_t max = 256*1024; + Sockbuf *sb; + if(ldap_get_option(li->ld, LDAP_OPT_SOCKBUF, (void **)&sb) || + /* Set the maximum allowed size of an incoming message, which to + OpenLDAP means that it will malloc() memory up to this size. If not + set, there is no limit and we instead risk a malloc() failure. */ + ber_sockbuf_ctrl(sb, LBER_SB_OPT_SET_MAX_INCOMING, &max)) { + result = CURLE_FAILED_INIT; + goto out; + } + } + #ifdef USE_SSL if(Curl_conn_is_ssl(conn, FIRSTSOCKET)) { result = oldap_ssl_connect(data, OLDAP_SSL); -- 2.47.3