[38780] in Kerberos
Re: A possible small bug in SPNEGO handling when dealing with NETAPP
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Jun 29 19:31:46 2020
To: Richard Sharpe <realrichardsharpe@gmail.com>, <kerberos@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <d620f6c3-66a7-a401-e4f4-7517a1943f9c@mit.edu>
Date: Mon, 29 Jun 2020 19:29:02 -0400
MIME-Version: 1.0
In-Reply-To: <CACyXjPw0WPZq2s4DC0=TiLbZ9ehHvP_+JRA9O-kKf421fMsYmw@mail.gmail.com>
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 6/29/20 6:22 PM, Richard Sharpe wrote:
> The code was directly extracting the length from the buffer but (as
> you can see from the capture attached in the Session Setup Response)
> NetApp encodes the length of the OID in a longer form as 0x82 0x00
> 0x09 instead of the short-form 0x09.
RFC 4178 section 4 specifies that "the encoding of the SPNEGO protocol
messages shall obey the Distinguished Encoding Rules (DER) of ASN.1, as
described in [X690]."
X.690 section 10.1 (Distinguished Encoding Rules, length forms)
specifies that "The definite form of length encoding shall be used,
encoded in the minimum number of octets."
So this is pretty clearly a NetApp bug. Has a report been filed with them?
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
