Le 11/10/16 à 19:56, Hallvard Breien Furuseth a écrit :

On 11. okt. 2016 18:10, elecharny@apache.org wrote:

...

IMO, the code that deal with tags in the lber decode.c ber_tag_and_rest() method is incorrectly decoding tags that are longer than 1 byte. (...)

It's far too late to change the ASN.1 <-> integer mapping. liblber is widely used outside OpenLDAP, we don't know if we'd break something.

I think I overlooked the origial code. See later...

As lber.h explains:

• ber_tag_t represents the identifier octets at the beginning of BER
• elements. OpenLDAP treats them as mere big-endian unsigned integers.

Indeed. That means the method just grabs bytes without taking care of the 'continuation' bits (ie the 7th bit if there are more bytes after), and returns a long.

I wish it had at least used little-endian so we could check the class and P/C bits with a simple '&' operation. Oh well.

Well, the way this function works make it hard to do so, I agree. OTOH, it means this ITS can be closed, because it's based on a wrong understanding on what this method does. It's not bugy, it's just doing somethig different than what I was expecting.

Thanks !