
(ITS#6685) VLV implementation and compatibility



Full_Name: Sebastien Bahloul
Version: HEAD
OS: Linux RHEL 5
URL: ftp://ftp.openldap.org/incoming/sbahloul-101026.patch
Submission from: (NULL) (2a01:e35:2ebe:f470:222:fbff:fe34:f796)


Hi,

The OpenLDAP VLV implementation seems not to be fully compliant with the latest
draft. The use case has been identified through JNDI - JDK 1.5 (whereas it seems
to be functional in ldapsearch):

javax.naming.NamingException [Root exception is com.sun.jndi.ldap.Ber$DecodeException: Encountered ASN.1 tag 2 (expected tag 10)]

After doing some network captures between different directory implementations,
it seems that there is a BER encoding error on the VLV response error code:

Global VLV control response ASN1 dump (through openssl asn1parse) :
    0:d=0  hl=2 l=  50 cons: SEQUENCE          
    2:d=1  hl=2 l=  24 prim: OCTET STRING      :2.16.840.1.113730.3.4.10
   28:d=1  hl=2 l=  22 prim: OCTET STRING      
      0000 - 30 14 02 01 00 02 02 00-aa 02 01 00 04 08 10 0a   0...............
      0010 - 82 15                                             ..
      0016 - <SPACES/NULS>

Included octet string VLV control response ASN1 dump :
    0:d=0  hl=2 l=  20 cons: SEQUENCE          
    2:d=1  hl=2 l=   1 prim: INTEGER           :00
    5:d=1  hl=2 l=   2 prim: INTEGER           :AA
    9:d=1  hl=2 l=   1 prim: INTEGER           :00
   12:d=1  hl=2 l=   8 prim: OCTET STRING      
      0000 - 10 0a 82 15                                       ....
      0008 - <SPACES/NULS>

According to the latest VLV draft (seems to be version 4), in section 5.2, the
return type for the error code (last 00 in this dump) must be an enumerated type
(tag type 10). In the OpenLDAP response, the error code is encoded as an integer
(tag type 2).

I suggest fixing this by changing ber_printf(..."{iii ... to
ber_printf(..."{iie ... in sssvlv.c:198.

Regards,
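
The tag check that a strict decoder applies to this control value, as an added Python example (not part of the original report and not OpenLDAP or JNDI code): it parses a VLV response control value and lists every element whose BER tag differs from the draft's definition. The field names follow the VLV draft's VirtualListViewResponse; both sample byte strings are constructed, with the first three elements taken from the dump above and a made-up 4-byte contextID.

```python
# Added example: strict tag check of a VLV response control value.
INTEGER, OCTET_STRING, ENUMERATED, SEQUENCE = 0x02, 0x04, 0x0A, 0x30

# Element order per the VLV draft's VirtualListViewResponse definition.
EXPECTED = [("targetPosition", INTEGER), ("contentCount", INTEGER),
            ("virtualListViewResult", ENUMERATED)]

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length BER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def check_vlv_response(value):
    """Parse the control value; return (fields, list of tag mismatches)."""
    tag, body, _ = read_tlv(value, 0)
    if tag != SEQUENCE:
        raise ValueError(f"outer tag {tag} is not a SEQUENCE")
    fields, problems, pos = {}, [], 0
    for name, want in EXPECTED:
        tag, val, pos = read_tlv(body, pos)
        if tag != want:
            problems.append(f"{name}: tag {tag} (expected tag {want})")
        fields[name] = int.from_bytes(val, "big", signed=True)
    if pos < len(body):  # contextID is optional
        tag, val, pos = read_tlv(body, pos)
        if tag != OCTET_STRING:
            problems.append(f"contextID: tag {tag} (expected tag {OCTET_STRING})")
        fields["contextID"] = val
    return fields, problems

# Constructed samples: first three elements as in the dump above, then a
# made-up 4-byte contextID. AS_SENT uses INTEGER for the result code,
# AS_FIXED uses ENUMERATED.
AS_SENT = bytes.fromhex("3010 020100 020200aa 020100 0404 01020304")
AS_FIXED = bytes.fromhex("3010 020100 020200aa 0a0100 0404 01020304")

if __name__ == "__main__":
    for label, sample in (("as sent", AS_SENT), ("as fixed", AS_FIXED)):
        print(label, *check_vlv_response(sample))
```

The decoded values are identical for both samples; only the tag of the third element differs, which is why a lenient client can read the response while a strict one rejects it.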