Xu, Qiang (FXSGSC) wrote:
Hi, all:
Sorry to trouble you again, but this time, I have some new findings with
Malformed Packet in MozLDAP network trace.
As you can see, the Malformed Packet is in the 2nd round of binding interaction with the server:
========================================
32 17.839052 13.198.98.107 13.198.98.35 LDAP bindRequest(1) "<ROOT>" sasl
33 17.917608 13.198.98.35 13.198.98.107 LDAP bindResponse(1) saslBindInProgress
35 17.919333 13.198.98.107 13.198.98.35 LDAP bindRequest(2) "<ROOT>" [Malformed Packet]
36 17.919637 13.198.98.35 13.198.98.107 LDAP bindResponse(2) saslBindInProgress
37 17.920316 13.198.98.107 13.198.98.35 LDAP bindRequest(3) "<ROOT>" sasl
38 17.920691 13.198.98.35 13.198.98.107 LDAP bindResponse(3) success
========================================
I am not sure if packet 35 is normal or not? After all, it says the packet is
malformed.
In contrast, a trace captured with OpenLDAP ldapsearch utility does not have this malformat packet:
========================================
22 24.805633 13.198.98.35 13.198.98.190 LDAP bindResponse(1) saslBindInProgress
28 26.616093 13.198.98.190 13.198.98.35 LDAP bindRequest(2) "<ROOT>" sasl
29 26.616459 13.198.98.35 13.198.98.190 LDAP bindResponse(2) saslBindInProgress
31 26.616705 13.198.98.190 13.198.98.35 LDAP bindRequest(3) "<ROOT>" sasl
32 26.633134 13.198.98.35 13.198.98.190 LDAP bindResponse(3) success
========================================
As you know, SASL connection relies on SASL library like libsasl2.so, which depends on
OpenLDAP libraries such as libldap-2.3.so and liblber-2.3.so (this can be verfified by
"ldd libsasl2.so"). And I am not sure whether there is some conflict between
MozLDAP and OpenLDAP when MozLDAP calls SASL interfaces in libsasl2.so to do SASL binding.
This aside, when I compare the content of packet 35 in MozLDAP trace and packet 29 in OpenLDAP trace, it is noted
that the MozLDAP packet has extra bytes "04 00" after "mechanism: GSSAPI". These extra bytes
are interpreted as "<MISSING> credentials" by WireShark. In contrast, although the OpenLDAP packet
doesn't have any credential information as well, it doesn't have these extra bytes. That's why packet 35 in MozLDAP
trace is marked as Malformed Packet, while packet 29 in OpenLDAP trace is not.
It looks as though MozLDAP is sending a zero length string for the
credentials (4 is the BER tag for Octet String, the next byte is the
length which is zero). I would have to read the specs to see what it
says about that, but it appears at least that Wireshark does not like
it, and OpenLDAP does not do it, it just omits the credentials field
entirely. So I would say this is likely a bug in MozLDAP.
Anyone can look into this matter? If you try some sasl connection and capture a network trace while doing sasl binding, you'll easily find the problem.
I myself have captured the traces, but it is understood that mailist doesn't
welcome attachments. So if anybody wants to have a look at my trace, just let
me know, and I'll send you in separate mail.
I don't know if it is necessary, but you could use a pastebin to paste
your traces, then just email a link to the traces. Mozilla has a
pastebin at http://pastebin.mozilla.org/
Thanks,
Xu Qiang
_______________________________________________
dev-tech-ldap mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-ldap
