This should limit the amount we send to GENSEC at a
time where it may help avoid large realloc or memcpy calls.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
for (reply = call->replies;
reply != NULL;
reply = reply->next) {
+
+ /* Cap output at 25MB per writev() */
+ if (length > length + reply->blob.length
+ || length + reply->blob.length > LDAP_SERVER_MAX_CHUNK_SIZE) {
+ break;
+ }
+
/*
* Overflow is harmless here, just used below to
- * decide if to read or write
+ * decide if to read or write, but checkd above anyway
*/
length += reply->blob.length;
*/
#define LDAP_SERVER_MAX_REPLY_SIZE ((size_t)(256 * 1024 * 1024))
+/*
+ * Start writing to the network before we hit this size
+ */
+#define LDAP_SERVER_MAX_CHUNK_SIZE ((size_t)(25 * 1024 * 1024))
+
struct ldapsrv_service {
struct tstream_tls_params *tls_params;
struct task_server *task;