ber_read_OID_String patch

Kamen Mazdrashki kamen.mazdrashki at
Wed Sep 2 02:43:10 MDT 2009

Hi guys,

I've hit a strange problem while testing DRSUAPI interface against W2K3 server - NDR pull layer failed to decode drsuapi_DsReplicaOIDMapping structure.
After some digging, it turns out to be  ber_read_OID_String() function fault for the failure.
And here is the strange part - it always fail to decode BER encoded OID with __ndr_size=12 bytes. According to documentation (ref. -> 8.19) this function works correctly. Basically every subidentifier is encoded as a series of octets with bit 8 set to 1 and last octet with bit 8 set to 0. So far so good. Unfortunately, W2K3 server sends BER encoded OID where last identifier is encoded as 0x81 for example - btw, this always happens when BER encoded value is of size 12 (as I mentioned earlier).

I've made a little patch to overcome this problem temporary (please see the attachment).
However, I am not quite sure this is the right thing to be done - after decoding PREVIX MAP returned from W2K3 it seems ok - as far as I can tell, prefix-to-OID mapping seems good and valid. But it is a little bit strange W2K3 encodes OID this way.
I think we have several possibilities here - please bear in mind that this is against W2K3 with Exchange provisioning:
1. it is a bug in MS BER encoding functionality - as we all know, MS likes to make buffer optimizations so I won't be surprised if they have hard coded buffer of 16 bytes to encode [size, BER value] :)
2. it's an interpretation of the BER encoding documentation - the document does not state clearly how the BER value must end - just states that every sub identifier ends with a byte where bit-8 = 0.
3. it is a bug in NDR pull layer and __ndr_size is not decoded correctly

Sorry for writing such a big mail about this issue, but the ber_read_OID_String() function is a very low-level API and I feel this should be discussed more widely.

Kamen Mazdrashki
kamen.mazdrashki at
18 Macedonia Blvd. Sofia 1606

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ber_read_OID_String_to_work_with_Exhange.patch
Type: application/octet-stream
Size: 402 bytes
Desc: not available
URL: <>

More information about the samba-technical mailing list