Hi,
On Tue, 16 May 2017 00:39:40 +0200
Alexander Bluhm <[email protected]> wrote:
> On Fri, May 05, 2017 at 06:05:28PM +0000, Seiya Kawashima wrote:
> > I'm not quite sure if this is the right way to fix the issue but it
> > looks like that this issue is related to how ldapd(8) buffers LDAP
> > messages from the client.
>
> Thanks for the analysis. I have copied the code from libevent to
> syslogd. While adapting to TLS, I did not think about that
> ioctl(FIONREAD) does not make sense for TLS. Then it was copied
> to ldapd again without realizing the problem.
>
> I would like to keep this as much a possible in sync with libevent.
> So just remove the problematic code in ldapd(8) and syslogd(8).
I ran tests with a patched ldapd around the critical range (15950 to
16000 byte "image" file) to fill up 7GB of disk space in /var/db/ldap
three times and had no issues. (Snapshot from June 25 "6.1 GENERIC.MP#48
amd64").
Who has permission to ok the Patch?
Thanks and best regards
Robert
>
> ok?
>
> bluhm
>
> Index: usr.sbin/ldapd/evbuffer_tls.c
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/ldapd/evbuffer_tls.c,v
> retrieving revision 1.2
> diff -u -p -r1.2 evbuffer_tls.c
> --- usr.sbin/ldapd/evbuffer_tls.c 3 Mar 2017 20:26:23
> -0000 1.2 +++ usr.sbin/ldapd/evbuffer_tls.c 15 May 2017
> 22:32:32 -0000 @@ -298,21 +298,6 @@ evtls_read(struct evbuffer *buf,
> int fd, size_t oldoff = buf->off;
> int n = EVBUFFER_MAX_READ;
>
> - if (ioctl(fd, FIONREAD, &n) == -1 || n <= 0) {
> - n = EVBUFFER_MAX_READ;
> - } else if (n > EVBUFFER_MAX_READ && n > howmuch) {
> - /*
> - * It's possible that a lot of data is available for
> - * reading. We do not want to exhaust resources
> - * before the reader has a chance to do something
> - * about it. If the reader does not tell us how much
> - * data we should read, we artifically limit it.
> - */
> - if ((size_t)n > buf->totallen << 2)
> - n = buf->totallen << 2;
> - if (n < EVBUFFER_MAX_READ)
> - n = EVBUFFER_MAX_READ;
> - }
> if (howmuch < 0 || howmuch > n)
> howmuch = n;
>
> Index: usr.sbin/syslogd/evbuffer_tls.c
> ===================================================================
> RCS
> file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/evbuffer_tls.c,v
> retrieving revision 1.10 diff -u -p -r1.10 evbuffer_tls.c
> --- usr.sbin/syslogd/evbuffer_tls.c 3 Mar 2017 20:26:23
> -0000 1.10 +++ usr.sbin/syslogd/evbuffer_tls.c 15 May
> 2017 22:32:15 -0000 @@ -298,21 +298,6 @@ evtls_read(struct evbuffer
> *buf, int fd, size_t oldoff = buf->off;
> int n = EVBUFFER_MAX_READ;
>
> - if (ioctl(fd, FIONREAD, &n) == -1 || n <= 0) {
> - n = EVBUFFER_MAX_READ;
> - } else if (n > EVBUFFER_MAX_READ && n > howmuch) {
> - /*
> - * It's possible that a lot of data is available for
> - * reading. We do not want to exhaust resources
> - * before the reader has a chance to do something
> - * about it. If the reader does not tell us how much
> - * data we should read, we artifically limit it.
> - */
> - if ((size_t)n > buf->totallen << 2)
> - n = buf->totallen << 2;
> - if (n < EVBUFFER_MAX_READ)
> - n = EVBUFFER_MAX_READ;
> - }
> if (howmuch < 0 || howmuch > n)
> howmuch = n;
>
>
