[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8970) bind fails when length value is multi-byte

lit@cbord.com wrote:
> Full_Name: Leo Tohill
> Version: 2.4.30
> OS: Windows 10
> URL: https://docs.google.com/document/d/10uKg9Nh3HLiuOzTbLfi6Z7bCfUb8x_Ai6WK5LqNzbwA/edit?usp=sharing
> Submission from: (NULL) (
> Summary: openldap 2.4.30 does not accommodate multi-byte length value on bind
> request. 
> First, I'll admit that I'm out of my depth here, I'm running a older version,
> I'm on Windows, and my package was built by I don't know.  But I worked hard
> enough to track this down that I want you to know what I found.  I might
> upgrade, but that's problematic.  
> At some point my bindings from .net began failing with "the username or password
> is incorrect" But they were correct.  I could confirm with various other tools. 
> I captured the wire traffic to isolate the problem. It turns out that Windows
> forms the binding request using  a multi-byte length indicator in the request. 
> OpenLdap apparently does not accommodate this.  I compared to a request
> generated by  ldapsearch.exe.  That request, which succeeds,  varies only by
> using a single-byte length indicator. 
> The multi-byte length value should be allowed, right?  Isn't it possible to have
> a bind request data packet of length > 127?  Which would require a multi-byte
> length value.  Perhaps this was fixed in a later version. 
> Screenshots of the wire capture here: 
> https://docs.google.com/document/d/10uKg9Nh3HLiuOzTbLfi6Z7bCfUb8x_Ai6WK5LqNzbwA/edit?usp=sharing

This URL is inaccessible, permission denied.

Just copy hex dumps of both requests here in text.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/