RSS feed

Re: [PATCH] increase filter_buffer size in try_autzsearch

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: [PATCH] increase filter_buffer size in try_autzsearch

On Thu, 2012-03-15 at 10:19 -0500, Chris J Arges wrote:
> Attached is a patch that addresses a bug described in:
> The filter_buffer in try_autzsearch in nslcd/pam.c currently is 1024 
> bytes in length. By increasing this array size, larger search filters 
> can be used.
> Let me know if this is the right approach, or if a better technique is 
> needed to fix the situation described in the bug.

As I understand the bug report the problem was that there was no clear
error logged when the try_autzsearch failed due to a long search filter.
The logged error was:
  pam_authz_search "..." is invalid
and if ... was very long the line would be cut short and the is invalid
would be lost. In r1628 I've changed the log message to
  invalid pam_authz_search "...."
which means that the core of the log message will still be intact even
if the line ends up being too long.

Allowing bigger filters is certainly a possibility but not really the
issue at this point. If someone can come up with a practical search that
will not fit in the buffer I'll increase it.


-- arthur - - --
To unsubscribe send an email to or see