From Matthias Drochner:

I'll attach a patch which fixes the decoding of authenticated LDAP bind replies. The SASL credentials are always "context specific" in terms of ASN.1. I've tested the fix with DIGEST-MD5 authentication. (Without the patch, ethereal complains about a wrong type because it expects an ASN.a octet string.) (You might also consider a stricter check of the ASN.1 header type for the GSSAPI and GSS-SPNEGO cases, but I can't test this.) svn path=/trunk/; revision=15428
2005-08-19 09:47:11 +00:00 · 2005-08-19 09:47:11 +00:00 · 0a1de06a24
parent b2807e2ab6
commit 0a1de06a24
2 changed files with 2 additions and 7 deletions
--- a/1
+++ b/1
@ -2483,6 +2483,7 @@ Maria-Luiza Crivat	<luizacri [AT] gmail.com>
 Brice Augustin		<bricecotte [AT] gmail.com>
 Matt Thornton		<MATT_THORNTON [AT] appsig.com>
 Markus Seehofer		<Markus.Seehofer [AT] hirschmann.de>
+Matthias Drochner	<M.Drochner [AT] fz-juelich.de>


 Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to
--- a/epan/dissectors/packet-ldap.c
+++ b/epan/dissectors/packet-ldap.c
@ -1276,16 +1276,10 @@ static void dissect_ldap_response_bind(ASN1_SCK *a, proto_tree *tree,
        a->offset += cred_length;
      } else {
        if (read_bytestring(a, tree, hf_ldap_message_bind_server_credentials,
-                            NULL, NULL, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
+                            NULL, NULL, ASN1_CTX, 7) != ASN1_ERR_NOERROR)
          return;
      }
      break;
-
-    default:
-      if (read_bytestring(a, tree, hf_ldap_message_bind_server_credentials,
-                          NULL, NULL, ASN1_CTX, 7) != ASN1_ERR_NOERROR)
-        return;
-      break;
    }
  }
 }