1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-18 06:04:06 +03:00

CVE-2020-10704: lib util asn1: Add ASN.1 max tree depth

Add maximum parse tree depth to the call to asn1_init, which will be
used to limit the depth of the ASN.1 parse tree.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Gary Lockyer 2020-04-03 12:18:03 +13:00 committed by Gary Lockyer
parent 62621bd686
commit f467727db5
16 changed files with 71 additions and 45 deletions

View File

@ -76,7 +76,7 @@ NTSTATUS gensec_generate_session_info_pac(TALLOC_CTX *mem_ctx,
static bool gensec_gssapi_check_oid(const DATA_BLOB *blob, const char *oid) static bool gensec_gssapi_check_oid(const DATA_BLOB *blob, const char *oid)
{ {
bool ret = false; bool ret = false;
struct asn1_data *data = asn1_init(NULL); struct asn1_data *data = asn1_init(NULL, ASN1_MAX_TREE_DEPTH);
if (!data) return false; if (!data) return false;

View File

@ -34,7 +34,11 @@ int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
struct ldap_message *ldap_msg; struct ldap_message *ldap_msg;
NTSTATUS status; NTSTATUS status;
asn1 = asn1_init(mem_ctx); /*
* Need to limit the max parse tree depth to 250 to prevent
* ASAN detecting stack overflows.
*/
asn1 = asn1_init(mem_ctx, 250);
if (!asn1) { if (!asn1) {
goto out; goto out;
} }

View File

@ -36,15 +36,19 @@ struct asn1_data {
off_t ofs; off_t ofs;
struct nesting *nesting; struct nesting *nesting;
bool has_error; bool has_error;
unsigned depth;
unsigned max_depth;
}; };
/* allocate an asn1 structure */ /* allocate an asn1 structure */
struct asn1_data *asn1_init(TALLOC_CTX *mem_ctx) struct asn1_data *asn1_init(TALLOC_CTX *mem_ctx, unsigned max_depth)
{ {
struct asn1_data *ret = talloc_zero(mem_ctx, struct asn1_data); struct asn1_data *ret = talloc_zero(mem_ctx, struct asn1_data);
if (ret == NULL) { if (ret == NULL) {
DEBUG(0,("asn1_init failed! out of memory\n")); DEBUG(0,("asn1_init failed! out of memory\n"));
return ret;
} }
ret->max_depth = max_depth;
return ret; return ret;
} }
@ -480,6 +484,11 @@ bool asn1_check_BOOLEAN(struct asn1_data *data, bool v)
/* load a struct asn1_data structure with a lump of data, ready to be parsed */ /* load a struct asn1_data structure with a lump of data, ready to be parsed */
bool asn1_load(struct asn1_data *data, DATA_BLOB blob) bool asn1_load(struct asn1_data *data, DATA_BLOB blob)
{ {
/*
* Save the maximum depth
*/
unsigned max_depth = data->max_depth;
ZERO_STRUCTP(data); ZERO_STRUCTP(data);
data->data = (uint8_t *)talloc_memdup(data, blob.data, blob.length); data->data = (uint8_t *)talloc_memdup(data, blob.data, blob.length);
if (!data->data) { if (!data->data) {
@ -487,6 +496,7 @@ bool asn1_load(struct asn1_data *data, DATA_BLOB blob)
return false; return false;
} }
data->length = blob.length; data->length = blob.length;
data->max_depth = max_depth;
return true; return true;
} }
@ -1119,9 +1129,14 @@ bool asn1_extract_blob(struct asn1_data *asn1, TALLOC_CTX *mem_ctx,
*/ */
void asn1_load_nocopy(struct asn1_data *data, uint8_t *buf, size_t len) void asn1_load_nocopy(struct asn1_data *data, uint8_t *buf, size_t len)
{ {
/*
* Save max_depth
*/
unsigned max_depth = data->max_depth;
ZERO_STRUCTP(data); ZERO_STRUCTP(data);
data->data = buf; data->data = buf;
data->length = len; data->length = len;
data->max_depth = max_depth;
} }
int asn1_peek_full_tag(DATA_BLOB blob, uint8_t tag, size_t *packet_size) int asn1_peek_full_tag(DATA_BLOB blob, uint8_t tag, size_t *packet_size)

View File

@ -45,7 +45,14 @@ typedef struct asn1_data ASN1_DATA;
#define ASN1_MAX_OIDS 20 #define ASN1_MAX_OIDS 20
struct asn1_data *asn1_init(TALLOC_CTX *mem_ctx); /*
* The maximum permitted depth for an ASN.1 parse tree, the limit is chosen
* to align with the value for windows. Note that this value will trigger
* ASAN stack overflow errors.
*/
#define ASN1_MAX_TREE_DEPTH 512
struct asn1_data *asn1_init(TALLOC_CTX *mem_ctx, unsigned max_depth);
void asn1_free(struct asn1_data *data); void asn1_free(struct asn1_data *data);
bool asn1_has_error(const struct asn1_data *data); bool asn1_has_error(const struct asn1_data *data);
void asn1_set_error(struct asn1_data *data); void asn1_set_error(struct asn1_data *data);

View File

@ -330,7 +330,7 @@ static bool test_asn1_Integer(struct torture_context *tctx)
DATA_BLOB blob; DATA_BLOB blob;
int val; int val;
data = asn1_init(mem_ctx); data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
if (!data) { if (!data) {
goto err; goto err;
} }

View File

@ -296,7 +296,7 @@ ssize_t spnego_read_data(TALLOC_CTX *mem_ctx, DATA_BLOB data, struct spnego_data
return ret; return ret;
} }
asn1 = asn1_init(mem_ctx); asn1 = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
if (asn1 == NULL) { if (asn1 == NULL) {
return -1; return -1;
} }
@ -339,7 +339,7 @@ ssize_t spnego_read_data(TALLOC_CTX *mem_ctx, DATA_BLOB data, struct spnego_data
ssize_t spnego_write_data(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, struct spnego_data *spnego) ssize_t spnego_write_data(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, struct spnego_data *spnego)
{ {
struct asn1_data *asn1 = asn1_init(mem_ctx); struct asn1_data *asn1 = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
ssize_t ret = -1; ssize_t ret = -1;
if (asn1 == NULL) { if (asn1 == NULL) {
@ -411,7 +411,7 @@ bool spnego_write_mech_types(TALLOC_CTX *mem_ctx,
DATA_BLOB *blob) DATA_BLOB *blob)
{ {
bool ret = false; bool ret = false;
struct asn1_data *asn1 = asn1_init(mem_ctx); struct asn1_data *asn1 = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
if (asn1 == NULL) { if (asn1 == NULL) {
return false; return false;

View File

@ -233,7 +233,7 @@ static bool cldap_socket_recv_dgram(struct cldap_socket *c,
goto error; goto error;
} }
asn1 = asn1_init(in); asn1 = asn1_init(in, ASN1_MAX_TREE_DEPTH);
if (!asn1) { if (!asn1) {
goto nomem; goto nomem;
} }

View File

@ -390,7 +390,7 @@ _PUBLIC_ bool ldap_encode(struct ldap_message *msg,
const struct ldap_control_handler *control_handlers, const struct ldap_control_handler *control_handlers,
DATA_BLOB *result, TALLOC_CTX *mem_ctx) DATA_BLOB *result, TALLOC_CTX *mem_ctx)
{ {
struct asn1_data *data = asn1_init(mem_ctx); struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
int i, j; int i, j;
if (!data) return false; if (!data) return false;

View File

@ -632,7 +632,7 @@ static void tldap_msg_received(struct tevent_req *subreq)
goto fail; goto fail;
} }
data = asn1_init(talloc_tos()); data = asn1_init(talloc_tos(), ASN1_MAX_TREE_DEPTH);
if (data == NULL) { if (data == NULL) {
status = TLDAP_NO_MEMORY; status = TLDAP_NO_MEMORY;
goto fail; goto fail;
@ -763,7 +763,7 @@ static struct tevent_req *tldap_req_create(TALLOC_CTX *mem_ctx,
if (req == NULL) { if (req == NULL) {
return NULL; return NULL;
} }
state->out = asn1_init(state); state->out = asn1_init(state, ASN1_MAX_TREE_DEPTH);
if (state->out == NULL) { if (state->out == NULL) {
goto err; goto err;
} }

View File

@ -644,7 +644,7 @@ static struct tevent_req *tldap_ship_paged_search(
struct tldap_control *pgctrl; struct tldap_control *pgctrl;
struct asn1_data *asn1 = NULL; struct asn1_data *asn1 = NULL;
asn1 = asn1_init(state); asn1 = asn1_init(state, ASN1_MAX_TREE_DEPTH);
if (asn1 == NULL) { if (asn1 == NULL) {
return NULL; return NULL;
} }
@ -783,7 +783,7 @@ static void tldap_search_paged_done(struct tevent_req *subreq)
TALLOC_FREE(state->cookie.data); TALLOC_FREE(state->cookie.data);
asn1 = asn1_init(talloc_tos()); asn1 = asn1_init(talloc_tos(), ASN1_MAX_TREE_DEPTH);
if (tevent_req_nomem(asn1, req)) { if (tevent_req_nomem(asn1, req)) {
return; return;
} }

View File

@ -50,7 +50,7 @@ bool spnego_parse_negTokenInit(TALLOC_CTX *ctx,
*secblob = data_blob_null; *secblob = data_blob_null;
} }
data = asn1_init(talloc_tos()); data = asn1_init(talloc_tos(), ASN1_MAX_TREE_DEPTH);
if (data == NULL) { if (data == NULL) {
return false; return false;
} }
@ -171,7 +171,7 @@ DATA_BLOB spnego_gen_krb5_wrap(TALLOC_CTX *ctx, const DATA_BLOB ticket, const ui
ASN1_DATA *data; ASN1_DATA *data;
DATA_BLOB ret = data_blob_null; DATA_BLOB ret = data_blob_null;
data = asn1_init(talloc_tos()); data = asn1_init(talloc_tos(), ASN1_MAX_TREE_DEPTH);
if (data == NULL) { if (data == NULL) {
return data_blob_null; return data_blob_null;
} }

View File

@ -11975,7 +11975,7 @@ tldap_build_extended_control(enum tldap_extended_val val)
ZERO_STRUCT(empty_control); ZERO_STRUCT(empty_control);
if (val != EXTENDED_NONE) { if (val != EXTENDED_NONE) {
data = asn1_init(talloc_tos()); data = asn1_init(talloc_tos(), ASN1_MAX_TREE_DEPTH);
if (!data) { if (!data) {
return NULL; return NULL;

View File

@ -438,7 +438,7 @@ static DATA_BLOB gensec_gssapi_gen_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLO
struct asn1_data *data; struct asn1_data *data;
DATA_BLOB ret = data_blob_null; DATA_BLOB ret = data_blob_null;
data = asn1_init(mem_ctx); data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
if (!data || !ticket->data) { if (!data || !ticket->data) {
return ret; return ret;
} }
@ -472,7 +472,7 @@ static DATA_BLOB gensec_gssapi_gen_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLO
static bool gensec_gssapi_parse_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, DATA_BLOB *ticket, uint8_t tok_id[2]) static bool gensec_gssapi_parse_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, DATA_BLOB *ticket, uint8_t tok_id[2])
{ {
bool ret = false; bool ret = false;
struct asn1_data *data = asn1_init(mem_ctx); struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
int data_remaining; int data_remaining;
if (!data) { if (!data) {

View File

@ -560,7 +560,7 @@ static void ldapsrv_call_read_done(struct tevent_req *subreq)
return; return;
} }
asn1 = asn1_init(call); asn1 = asn1_init(call, ASN1_MAX_TREE_DEPTH);
if (asn1 == NULL) { if (asn1 == NULL) {
ldapsrv_terminate_connection(conn, "no memory"); ldapsrv_terminate_connection(conn, "no memory");
return; return;

View File

@ -284,7 +284,7 @@ static void ldap_connection_recv_done(struct tevent_req *subreq)
return; return;
} }
asn1 = asn1_init(conn); asn1 = asn1_init(conn, ASN1_MAX_TREE_DEPTH);
if (asn1 == NULL) { if (asn1 == NULL) {
TALLOC_FREE(msg); TALLOC_FREE(msg);
ldap_error_handler(conn, NT_STATUS_NO_MEMORY); ldap_error_handler(conn, NT_STATUS_NO_MEMORY);

View File

@ -32,7 +32,7 @@ static bool decode_server_sort_response(void *mem_ctx, DATA_BLOB in, void *_out)
{ {
void **out = (void **)_out; void **out = (void **)_out;
DATA_BLOB attr; DATA_BLOB attr;
struct asn1_data *data = asn1_init(mem_ctx); struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
struct ldb_sort_resp_control *lsrc; struct ldb_sort_resp_control *lsrc;
if (!data) return false; if (!data) return false;
@ -79,7 +79,7 @@ static bool decode_server_sort_request(void *mem_ctx, DATA_BLOB in, void *_out)
void **out = (void **)_out; void **out = (void **)_out;
DATA_BLOB attr; DATA_BLOB attr;
DATA_BLOB rule; DATA_BLOB rule;
struct asn1_data *data = asn1_init(mem_ctx); struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
struct ldb_server_sort_control **lssc; struct ldb_server_sort_control **lssc;
int num; int num;
@ -166,7 +166,7 @@ static bool decode_extended_dn_request(void *mem_ctx, DATA_BLOB in, void *_out)
return true; return true;
} }
data = asn1_init(mem_ctx); data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
if (!data) return false; if (!data) return false;
if (!asn1_load(data, in)) { if (!asn1_load(data, in)) {
@ -198,7 +198,7 @@ static bool decode_extended_dn_request(void *mem_ctx, DATA_BLOB in, void *_out)
static bool decode_sd_flags_request(void *mem_ctx, DATA_BLOB in, void *_out) static bool decode_sd_flags_request(void *mem_ctx, DATA_BLOB in, void *_out)
{ {
void **out = (void **)_out; void **out = (void **)_out;
struct asn1_data *data = asn1_init(mem_ctx); struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
struct ldb_sd_flags_control *lsdfc; struct ldb_sd_flags_control *lsdfc;
if (!data) return false; if (!data) return false;
@ -232,7 +232,7 @@ static bool decode_sd_flags_request(void *mem_ctx, DATA_BLOB in, void *_out)
static bool decode_search_options_request(void *mem_ctx, DATA_BLOB in, void *_out) static bool decode_search_options_request(void *mem_ctx, DATA_BLOB in, void *_out)
{ {
void **out = (void **)_out; void **out = (void **)_out;
struct asn1_data *data = asn1_init(mem_ctx); struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
struct ldb_search_options_control *lsoc; struct ldb_search_options_control *lsoc;
if (!data) return false; if (!data) return false;
@ -267,7 +267,7 @@ static bool decode_paged_results_request(void *mem_ctx, DATA_BLOB in, void *_out
{ {
void **out = (void **)_out; void **out = (void **)_out;
DATA_BLOB cookie; DATA_BLOB cookie;
struct asn1_data *data = asn1_init(mem_ctx); struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
struct ldb_paged_control *lprc; struct ldb_paged_control *lprc;
if (!data) return false; if (!data) return false;
@ -316,7 +316,7 @@ static bool decode_dirsync_request(void *mem_ctx, DATA_BLOB in, void *_out)
{ {
void **out = (void **)_out; void **out = (void **)_out;
DATA_BLOB cookie; DATA_BLOB cookie;
struct asn1_data *data = asn1_init(mem_ctx); struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
struct ldb_dirsync_control *ldc; struct ldb_dirsync_control *ldc;
if (!data) return false; if (!data) return false;
@ -372,7 +372,7 @@ static bool decode_asq_control(void *mem_ctx, DATA_BLOB in, void *_out)
{ {
void **out = (void **)_out; void **out = (void **)_out;
DATA_BLOB source_attribute; DATA_BLOB source_attribute;
struct asn1_data *data = asn1_init(mem_ctx); struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
struct ldb_asq_control *lac; struct ldb_asq_control *lac;
if (!data) return false; if (!data) return false;
@ -433,7 +433,7 @@ static bool decode_verify_name_request(void *mem_ctx, DATA_BLOB in, void *_out)
{ {
void **out = (void **)_out; void **out = (void **)_out;
DATA_BLOB name; DATA_BLOB name;
struct asn1_data *data = asn1_init(mem_ctx); struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
struct ldb_verify_name_control *lvnc; struct ldb_verify_name_control *lvnc;
int len; int len;
@ -485,7 +485,7 @@ static bool decode_verify_name_request(void *mem_ctx, DATA_BLOB in, void *_out)
static bool encode_verify_name_request(void *mem_ctx, void *in, DATA_BLOB *out) static bool encode_verify_name_request(void *mem_ctx, void *in, DATA_BLOB *out)
{ {
struct ldb_verify_name_control *lvnc = talloc_get_type(in, struct ldb_verify_name_control); struct ldb_verify_name_control *lvnc = talloc_get_type(in, struct ldb_verify_name_control);
struct asn1_data *data = asn1_init(mem_ctx); struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
DATA_BLOB gc_utf16; DATA_BLOB gc_utf16;
if (!data) return false; if (!data) return false;
@ -528,7 +528,7 @@ static bool decode_vlv_request(void *mem_ctx, DATA_BLOB in, void *_out)
{ {
void **out = (void **)_out; void **out = (void **)_out;
DATA_BLOB assertion_value, context_id; DATA_BLOB assertion_value, context_id;
struct asn1_data *data = asn1_init(mem_ctx); struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
struct ldb_vlv_req_control *lvrc; struct ldb_vlv_req_control *lvrc;
if (!data) return false; if (!data) return false;
@ -626,7 +626,7 @@ static bool decode_vlv_response(void *mem_ctx, DATA_BLOB in, void *_out)
{ {
void **out = (void **)_out; void **out = (void **)_out;
DATA_BLOB context_id; DATA_BLOB context_id;
struct asn1_data *data = asn1_init(mem_ctx); struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
struct ldb_vlv_resp_control *lvrc; struct ldb_vlv_resp_control *lvrc;
if (!data) return false; if (!data) return false;
@ -682,7 +682,7 @@ static bool decode_vlv_response(void *mem_ctx, DATA_BLOB in, void *_out)
static bool encode_server_sort_response(void *mem_ctx, void *in, DATA_BLOB *out) static bool encode_server_sort_response(void *mem_ctx, void *in, DATA_BLOB *out)
{ {
struct ldb_sort_resp_control *lsrc = talloc_get_type(in, struct ldb_sort_resp_control); struct ldb_sort_resp_control *lsrc = talloc_get_type(in, struct ldb_sort_resp_control);
struct asn1_data *data = asn1_init(mem_ctx); struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
if (!data) return false; if (!data) return false;
@ -716,7 +716,7 @@ static bool encode_server_sort_response(void *mem_ctx, void *in, DATA_BLOB *out)
static bool encode_server_sort_request(void *mem_ctx, void *in, DATA_BLOB *out) static bool encode_server_sort_request(void *mem_ctx, void *in, DATA_BLOB *out)
{ {
struct ldb_server_sort_control **lssc = talloc_get_type(in, struct ldb_server_sort_control *); struct ldb_server_sort_control **lssc = talloc_get_type(in, struct ldb_server_sort_control *);
struct asn1_data *data = asn1_init(mem_ctx); struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
int num; int num;
if (!data) return false; if (!data) return false;
@ -782,7 +782,7 @@ static bool encode_extended_dn_request(void *mem_ctx, void *in, DATA_BLOB *out)
return true; return true;
} }
data = asn1_init(mem_ctx); data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
if (!data) return false; if (!data) return false;
@ -810,7 +810,7 @@ static bool encode_extended_dn_request(void *mem_ctx, void *in, DATA_BLOB *out)
static bool encode_sd_flags_request(void *mem_ctx, void *in, DATA_BLOB *out) static bool encode_sd_flags_request(void *mem_ctx, void *in, DATA_BLOB *out)
{ {
struct ldb_sd_flags_control *lsdfc = talloc_get_type(in, struct ldb_sd_flags_control); struct ldb_sd_flags_control *lsdfc = talloc_get_type(in, struct ldb_sd_flags_control);
struct asn1_data *data = asn1_init(mem_ctx); struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
if (!data) return false; if (!data) return false;
@ -838,7 +838,7 @@ static bool encode_sd_flags_request(void *mem_ctx, void *in, DATA_BLOB *out)
static bool encode_search_options_request(void *mem_ctx, void *in, DATA_BLOB *out) static bool encode_search_options_request(void *mem_ctx, void *in, DATA_BLOB *out)
{ {
struct ldb_search_options_control *lsoc = talloc_get_type(in, struct ldb_search_options_control); struct ldb_search_options_control *lsoc = talloc_get_type(in, struct ldb_search_options_control);
struct asn1_data *data = asn1_init(mem_ctx); struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
if (!data) return false; if (!data) return false;
@ -866,7 +866,7 @@ static bool encode_search_options_request(void *mem_ctx, void *in, DATA_BLOB *ou
static bool encode_paged_results_request(void *mem_ctx, void *in, DATA_BLOB *out) static bool encode_paged_results_request(void *mem_ctx, void *in, DATA_BLOB *out)
{ {
struct ldb_paged_control *lprc = talloc_get_type(in, struct ldb_paged_control); struct ldb_paged_control *lprc = talloc_get_type(in, struct ldb_paged_control);
struct asn1_data *data = asn1_init(mem_ctx); struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
if (!data) return false; if (!data) return false;
@ -901,7 +901,7 @@ static bool encode_paged_results_request(void *mem_ctx, void *in, DATA_BLOB *out
static bool encode_asq_control(void *mem_ctx, void *in, DATA_BLOB *out) static bool encode_asq_control(void *mem_ctx, void *in, DATA_BLOB *out)
{ {
struct ldb_asq_control *lac = talloc_get_type(in, struct ldb_asq_control); struct ldb_asq_control *lac = talloc_get_type(in, struct ldb_asq_control);
struct asn1_data *data = asn1_init(mem_ctx); struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
if (!data) return false; if (!data) return false;
@ -936,7 +936,7 @@ static bool encode_asq_control(void *mem_ctx, void *in, DATA_BLOB *out)
static bool encode_dirsync_request(void *mem_ctx, void *in, DATA_BLOB *out) static bool encode_dirsync_request(void *mem_ctx, void *in, DATA_BLOB *out)
{ {
struct ldb_dirsync_control *ldc = talloc_get_type(in, struct ldb_dirsync_control); struct ldb_dirsync_control *ldc = talloc_get_type(in, struct ldb_dirsync_control);
struct asn1_data *data = asn1_init(mem_ctx); struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
if (!data) return false; if (!data) return false;
@ -972,7 +972,7 @@ static bool encode_dirsync_request(void *mem_ctx, void *in, DATA_BLOB *out)
static bool encode_vlv_request(void *mem_ctx, void *in, DATA_BLOB *out) static bool encode_vlv_request(void *mem_ctx, void *in, DATA_BLOB *out)
{ {
struct ldb_vlv_req_control *lvrc = talloc_get_type(in, struct ldb_vlv_req_control); struct ldb_vlv_req_control *lvrc = talloc_get_type(in, struct ldb_vlv_req_control);
struct asn1_data *data = asn1_init(mem_ctx); struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
if (!data) return false; if (!data) return false;
@ -1040,7 +1040,7 @@ static bool encode_vlv_request(void *mem_ctx, void *in, DATA_BLOB *out)
static bool encode_vlv_response(void *mem_ctx, void *in, DATA_BLOB *out) static bool encode_vlv_response(void *mem_ctx, void *in, DATA_BLOB *out)
{ {
struct ldb_vlv_resp_control *lvrc = talloc_get_type(in, struct ldb_vlv_resp_control); struct ldb_vlv_resp_control *lvrc = talloc_get_type(in, struct ldb_vlv_resp_control);
struct asn1_data *data = asn1_init(mem_ctx); struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
if (!data) return false; if (!data) return false;
@ -1083,7 +1083,7 @@ static bool encode_openldap_dereference(void *mem_ctx, void *in, DATA_BLOB *out)
{ {
struct dsdb_openldap_dereference_control *control = talloc_get_type(in, struct dsdb_openldap_dereference_control); struct dsdb_openldap_dereference_control *control = talloc_get_type(in, struct dsdb_openldap_dereference_control);
int i,j; int i,j;
struct asn1_data *data = asn1_init(mem_ctx); struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
if (!data) return false; if (!data) return false;
@ -1132,7 +1132,7 @@ static bool encode_openldap_dereference(void *mem_ctx, void *in, DATA_BLOB *out)
static bool decode_openldap_dereference(void *mem_ctx, DATA_BLOB in, void *_out) static bool decode_openldap_dereference(void *mem_ctx, DATA_BLOB in, void *_out)
{ {
void **out = (void **)_out; void **out = (void **)_out;
struct asn1_data *data = asn1_init(mem_ctx); struct asn1_data *data = asn1_init(mem_ctx, ASN1_MAX_TREE_DEPTH);
struct dsdb_openldap_dereference_result_control *control; struct dsdb_openldap_dereference_result_control *control;
struct dsdb_openldap_dereference_result **r = NULL; struct dsdb_openldap_dereference_result **r = NULL;
int i = 0; int i = 0;