On Mon, Jun 29, 2020 at 4:29 PM Greg Hudson <ghud...@mit.edu> wrote: > > On 6/29/20 6:22 PM, Richard Sharpe wrote: > > The code was directly extracting the length from the buffer but (as > > you can see from the capture attached in the Session Setup Response) > > NetApp encodes the length of the OID in a longer form as 0x82 0x00 > > 0x09 instead of the short-form 0x09. > > RFC 4178 section 4 specifies that "the encoding of the SPNEGO protocol > messages shall obey the Distinguished Encoding Rules (DER) of ASN.1, as > described in [X690]."
Yes, you are correct, but everywhere else in the code it uses gssint_get_der_length to extract the length, which just happens to work with non-DER BER encoded fields. > X.690 section 10.1 (Distinguished Encoding Rules, length forms) > specifies that "The definite form of length encoding shall be used, > encoded in the minimum number of octets." > > So this is pretty clearly a NetApp bug. Has a report been filed with them? It probably has been just not by me. NetApp likely feels that since it works with Windows, and has been in the field for a long while now it is not a high priority. From a compatibility point of view the change would make developers' lives easier. -- Regards, Richard Sharpe (何以解憂?唯有杜康。--曹操)(传说杜康是酒的发明者) ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
