A possible small bug in SPNEGO handling when dealing with NETAPP servers

[Richard Sharpe]

On Mon, Jun 29, 2020 at 4:29 PM Greg Hudson <ghudson at mit.edu> wrote:
>
> On 6/29/20 6:22 PM, Richard Sharpe wrote:
> > The code was directly extracting the length from the buffer but (as
> > you can see from the capture attached in the Session Setup Response)
> > NetApp encodes the length of the OID in a longer form as 0x82 0x00
> > 0x09 instead of the short-form 0x09.
>
> RFC 4178 section 4 specifies that "the encoding of the SPNEGO protocol
> messages shall obey the Distinguished Encoding Rules (DER) of ASN.1, as
> described in [X690]."

Yes, you are correct, but everywhere else in the code it uses
gssint_get_der_length to extract the length, which just happens to
work with non-DER BER encoded fields.

> X.690 section 10.1 (Distinguished Encoding Rules, length forms)
> specifies that "The definite form of length encoding shall be used,
> encoded in the minimum number of octets."
>
> So this is pretty clearly a NetApp bug.  Has a report been filed with them?

It probably has been just not by me. NetApp likely feels that since it
works with Windows, and has been in the field for a long while now it
is not a high priority.

>From a compatibility point of view the change would make developers'
lives easier.

-- 
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)(传说杜康是酒的发明者)