[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: memory leaks

At 09:23 AM 2001-12-05, Kurt D. Zeilenga wrote:
>At 09:06 AM 2001-12-05, Julio Sánchez Fernández wrote:
>>I think OpenSSL uses just the ASN1 tag to decide on the value syntax.
>Yes, but OpenSSL likely assumes that two values which have
>identical DER-encoded representations have identical LDAP
>syntax string representations.  That assumption is a bad
>assumption as two different LDAP syntax may have the same
>DER representations but different LDAP string representations.
>I agree that in practice you likely won't run into such
>cases, especially with DN AVAs, but...

I take this back, you'll run it right away....

consider two LDAP syntaxes:
        ( 1.1.1 DESC 'INTEGER restricted to 0 "off" and 1 "on"' )
        ( 1.1.2 DESC 'INTEGER restricted to -1 "-", 0 "0", and +1 "+" )

(both of ASN.1 syntax INTEGER) and two attributes:
        ( NAME 'bbit' SYNTAX 1.1.1 )
        ( NAME 'tbit' SYNTAX 1.1.2 )

Bbit is transferred (in LDAP) as "off" and "on" and
Tbit is transferred (in LDAP) as "-" "0" "+".

Guessing that a DER encoded 1 should be represented as "1"
is wrong in both cases....

BTW, I've similar naming attributes in the real world.