sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-04 00:00:14 -04:00
Code Issues Projects Releases Wiki Activity

ldap: Use timeout value for synchronous calls

Browse Source 
So far, the timeout value was only used as connect timeout while a
malicious server could accept the connection and then starve us. So use
the timeout for LDAP_OPT_TIMEOUT, too, which affects all synchronous
calls.  In particular, ldap_simple_bind_s(), which has no timeout
argument like ldap_search_st().

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
This commit is contained in:
Thomas Egerer 2019-07-15 18:32:38 +02:00 committed by Tobias Brunner
parent ee4e93419b
commit af9095fdd9
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/libstrongswan/plugins/ldap/ldap_fetcher.c
View File

@ -133,6 +133,7 @@ METHOD(fetcher_t, fetch, status_t,
ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &ldap_version);
ldap_set_option(ldap, LDAP_OPT_NETWORK_TIMEOUT, &timeout);
ldap_set_option(ldap, LDAP_OPT_TIMEOUT, &timeout);
DBG2(DBG_LIB, "sending LDAP request to '%s'...", url);