A possible small bug in SPNEGO handling when dealing with NETAPP servers
Greg Hudson
ghudson at mit.edu
Mon Jun 29 19:29:02 EDT 2020
On 6/29/20 6:22 PM, Richard Sharpe wrote:
> The code was directly extracting the length from the buffer but (as
> you can see from the capture attached in the Session Setup Response)
> NetApp encodes the length of the OID in a longer form as 0x82 0x00
> 0x09 instead of the short-form 0x09.
RFC 4178 section 4 specifies that "the encoding of the SPNEGO protocol
messages shall obey the Distinguished Encoding Rules (DER) of ASN.1, as
described in [X690]."
X.690 section 10.1 (Distinguished Encoding Rules, length forms)
specifies that "The definite form of length encoding shall be used,
encoded in the minimum number of octets."
So this is pretty clearly a NetApp bug. Has a report been filed with them?
More information about the Kerberos
mailing list