Re: memory leaks
At 09:23 AM 2001-12-05, Kurt D. Zeilenga wrote:
>At 09:06 AM 2001-12-05, Julio Sánchez Fernández wrote:
>>I think OpenSSL uses just the ASN1 tag to decide on the value syntax.
>
>Yes, but OpenSSL likely assumes that two values which have
>identical DER-encoded representations have identical LDAP
>syntax string representations. That assumption is a bad
>assumption as two different LDAP syntaxes may have the same
>DER representations but different LDAP string representations.
>
>I agree that in practice you likely won't run into such
>cases, especially with DN AVAs, but...
I take this back, you'll run into it right away....

Consider two LDAP syntaxes:

  ( 1.1.1 DESC 'INTEGER restricted to 0 "off" and 1 "on"' )
  ( 1.1.2 DESC 'INTEGER restricted to -1 "-", 0 "0", and +1 "+"' )

(both of ASN.1 syntax INTEGER) and two attributes:

  ( 1.1.1.0 NAME 'bbit' SYNTAX 1.1.1 )
  ( 1.1.2.0 NAME 'tbit' SYNTAX 1.1.2 )

Bbit is transferred (in LDAP) as "off" and "on" and
Tbit is transferred (in LDAP) as "-" "0" "+".

Guessing that a DER encoded 1 should be represented as "1"
is wrong in both cases....

BTW, I've similar naming attributes in the real world.

Kurt
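
The case described in the message above, worked through as an added example that is not part of the original post or of OpenSSL/OpenLDAP code. The syntax OIDs and attribute names are the hypothetical ones from the message; the function names and the short-form-only DER decoder are assumptions made for this sketch.

```python
# Added illustration: the same DER INTEGER bytes need the attribute's LDAP
# syntax, not just the ASN.1 tag, to obtain the LDAP string representation.
# OIDs 1.1.1 / 1.1.2 and bbit / tbit are the hypothetical ones from the message.

def der_integer(data: bytes) -> int:
    """Decode one short-form DER INTEGER (tag 0x02), rejecting bad encodings."""
    if len(data) < 3 or data[0] != 0x02:
        raise ValueError("not a DER INTEGER")
    length = data[1]
    if length & 0x80:
        raise ValueError("long-form length not handled in this sketch")
    body = data[2:]
    if length == 0 or len(body) != length:
        raise ValueError("length does not match content")
    # DER requires the minimal two's-complement encoding.
    if length > 1 and ((body[0] == 0x00 and body[1] < 0x80) or
                       (body[0] == 0xFF and body[1] >= 0x80)):
        raise ValueError("non-minimal INTEGER encoding")
    return int.from_bytes(body, "big", signed=True)

# LDAP string representations, keyed by LDAP syntax OID.
LDAP_STRINGS = {
    "1.1.1": {0: "off", 1: "on"},
    "1.1.2": {-1: "-", 0: "0", 1: "+"},
}
ATTRIBUTE_SYNTAX = {"bbit": "1.1.1", "tbit": "1.1.2"}

def ldap_string(attr: str, der: bytes) -> str:
    """Render a DER value using the syntax of the attribute it belongs to."""
    syntax = ATTRIBUTE_SYNTAX[attr.lower()]
    value = der_integer(der)
    try:
        return LDAP_STRINGS[syntax][value]
    except KeyError:
        raise ValueError(f"{value} is not valid for syntax {syntax}") from None

def tag_only_guess(der: bytes) -> str:
    """What a decoder that looks only at the ASN.1 tag would produce."""
    return str(der_integer(der))

def valid_for(attr: str, text: str) -> bool:
    """True if text is a legal LDAP string value for the attribute's syntax."""
    return text in LDAP_STRINGS[ATTRIBUTE_SYNTAX[attr.lower()]].values()

ONE = bytes([0x02, 0x01, 0x01])        # constructed sample: DER INTEGER 1
MINUS_ONE = bytes([0x02, 0x01, 0xFF])  # constructed sample: DER INTEGER -1
```

The same bytes `02 01 01` render as "on" for bbit and "+" for tbit, while the tag-only guess "1" is a legal value for neither, so a comparison built on that guess would never match the value as LDAP transfers it.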