[Date Prev][Date Next]
Re: (ITS#8970) bind fails when length value is multi-byte
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8970) bind fails when length value is multi-byte
- From: firstname.lastname@example.org
- Date: Mon, 04 Feb 2019 03:25:11 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
> Full_Name: Leo Tohill
> Version: 2.4.30
> OS: Windows 10
> URL: https://docs.google.com/document/d/10uKg9Nh3HLiuOzTbLfi6Z7bCfUb8x_Ai6WK5LqNzbwA/edit?usp=sharing
> Submission from: (NULL) (18.104.22.168)
> Summary: openldap 2.4.30 does not accommodate multi-byte length value on bind
> First, I'll admit that I'm out of my depth here, I'm running a older version,
> I'm on Windows, and my package was built by I don't know. But I worked hard
> enough to track this down that I want you to know what I found. I might
> upgrade, but that's problematic.
> At some point my bindings from .net began failing with "the username or password
> is incorrect" But they were correct. I could confirm with various other tools.
> I captured the wire traffic to isolate the problem. It turns out that Windows
> forms the binding request using a multi-byte length indicator in the request.
> OpenLdap apparently does not accommodate this. I compared to a request
> generated by ldapsearch.exe. That request, which succeeds, varies only by
> using a single-byte length indicator.
> The multi-byte length value should be allowed, right? Isn't it possible to have
> a bind request data packet of length > 127? Which would require a multi-byte
> length value. Perhaps this was fixed in a later version.
> Screenshots of the wire capture here:
This URL is inaccessible, permission denied.
Just copy hex dumps of both requests here in text.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/