LdapSignCheck

Invalid options specified with ldap_set_option() and ldap_get_option() in BOF

Open whokilleddb opened this issue 1 year ago • 0 comments

The BOF code has two issues:

  • Invalid Parameter passed
  • Incompatible Options set

Invalid Parameter Passed

The easier one out of the two, in line 77 (and 81) of ldapsigncheck.c it says:

WLDAP32$ldap_get_optionW(pLdapConnection, LDAP_OPT_SIGN, result); 

Wherein it should be something like:

WLDAP32$ldap_get_optionW(pLdapConnection, LDAP_OPT_SIGN, &result); 

Incompatible Options Set

The BOF sets the following options to LDAP_OPT_ON: LDAP_OPT_SSL, LDAP_OPT_SIGN and LDAP_OPT_ENCRYPT when SSL is enabled. However, when referring to the Session Options docs, it mentions that for LDAP_OPT_SIGN/LDAP_OPT_ENCRYPT: _Cannot be used over an SSL connection._

Shouldn't those options be set to LDAP_OPT_OFF instead, aka the default state? Am I missing something here?

whokilleddb, Apr 18 '24 17:04