[38781] in Kerberos
Re: A possible small bug in SPNEGO handling when dealing with NETAPP
daemon@ATHENA.MIT.EDU (Richard Sharpe)
Mon Jun 29 23:19:02 2020
MIME-Version: 1.0
In-Reply-To: <d620f6c3-66a7-a401-e4f4-7517a1943f9c@mit.edu>
From: Richard Sharpe <realrichardsharpe@gmail.com>
Date: Mon, 29 Jun 2020 20:10:40 -0700
Message-ID: <CACyXjPy3zfZ9p30+rhOzuwD+FT0MEGSjChoJjLm=71QxxPL=ug@mail.gmail.com>
To: Greg Hudson <ghudson@mit.edu>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On Mon, Jun 29, 2020 at 4:29 PM Greg Hudson <ghudson@mit.edu> wrote:
>
> On 6/29/20 6:22 PM, Richard Sharpe wrote:
> > The code was directly extracting the length from the buffer but (as
> > you can see from the capture attached in the Session Setup Response)
> > NetApp encodes the length of the OID in a longer form as 0x82 0x00
> > 0x09 instead of the short-form 0x09.
>
> RFC 4178 section 4 specifies that "the encoding of the SPNEGO protocol
> messages shall obey the Distinguished Encoding Rules (DER) of ASN.1, as
> described in [X690]."
Yes, you are correct, but everywhere else in the code it uses
gssint_get_der_length to extract the length, which just happens to
work with non-DER BER encoded fields.
> X.690 section 10.1 (Distinguished Encoding Rules, length forms)
> specifies that "The definite form of length encoding shall be used,
> encoded in the minimum number of octets."
>
> So this is pretty clearly a NetApp bug. Has a report been filed with them?
It probably has been just not by me. NetApp likely feels that since it
works with Windows, and has been in the field for a long while now it
is not a high priority.
From a compatibility point of view the change would make developers'
lives easier.
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)(传说杜康是酒的发明者)
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
