From Matthias Drochner:
I'll attach a patch which fixes the decoding of authenticated LDAP bind replies. The SASL credentials are always "context specific" in terms of ASN.1. I've tested the fix with DIGEST-MD5 authentication. (Without the patch, ethereal complains about a wrong type because it expects an ASN.a octet string.) (You might also consider a stricter check of the ASN.1 header type for the GSSAPI and GSS-SPNEGO cases, but I can't test this.) svn path=/trunk/; revision=15428
This commit is contained in:
parent
b2807e2ab6
commit
0a1de06a24
1
AUTHORS
1
AUTHORS
|
@ -2483,6 +2483,7 @@ Maria-Luiza Crivat <luizacri [AT] gmail.com>
|
|||
Brice Augustin <bricecotte [AT] gmail.com>
|
||||
Matt Thornton <MATT_THORNTON [AT] appsig.com>
|
||||
Markus Seehofer <Markus.Seehofer [AT] hirschmann.de>
|
||||
Matthias Drochner <M.Drochner [AT] fz-juelich.de>
|
||||
|
||||
|
||||
Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to
|
||||
|
|
|
@ -1276,16 +1276,10 @@ static void dissect_ldap_response_bind(ASN1_SCK *a, proto_tree *tree,
|
|||
a->offset += cred_length;
|
||||
} else {
|
||||
if (read_bytestring(a, tree, hf_ldap_message_bind_server_credentials,
|
||||
NULL, NULL, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
|
||||
NULL, NULL, ASN1_CTX, 7) != ASN1_ERR_NOERROR)
|
||||
return;
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
if (read_bytestring(a, tree, hf_ldap_message_bind_server_credentials,
|
||||
NULL, NULL, ASN1_CTX, 7) != ASN1_ERR_NOERROR)
|
||||
return;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue