> -----Original Message-----
> From: Rafal Somla [mailto:rafal.somla@stripped]
> Sent: Thursday, 28 April 2011 21:40
> To: commits@stripped
> Subject: bzr commit into mysql-5.5 branch (rafal.somla:3477) Bug#11879051
> #At file:///D:/source/bzr2/mysql-5.5-wl5367-merge/ based on
> 3477 Rafal Somla 2011-04-28
> BUG#11879051: FIRST REPLY LENGTH LIMIT (255) CAN BE VIOLATED
> BEFORE: First packet sent by client-side plugin (generated by
> function InitializeSecurityContext()) could be longer than 255 bytes
> violating the limitation imposed by authentication protocol.
> AFTER: Handshake protocol is changed so that if first client's
> longer than 254 bytes then it is sent in 2 parts. However, for
> shorter than 255 bytes nothing changes.
I think the analysis is not completely correct here.
The way Windows authentication works is such that
0) Server sends welcome packet.
1) client sends client authentication packet that contains authentication
method but without payload.
2) then server sends UPN to client
3) then client puts UPN into InitializeSecurityContext() and sends the
resulting blob to server.
(following steps omitted)
The 255 limit would be a limit in step 1). But since payload is not used
in this step, there is also no limit.
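
As an added illustration (not part of the patch, of this thread, or of the MySQL sources): a one-byte length prefix cannot describe a blob longer than 255 bytes, so an unchecked cast wraps, while splitting at the 254-byte threshold named in the commit message keeps every byte. The `first_reply` framing, the function names and the receiver checks are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FIRST_PART_MAX 254  /* threshold named in the commit message */

/* Hypothetical framing (assumption): one length byte, then the payload. */
struct first_reply {
    uint8_t len;
    uint8_t data[FIRST_PART_MAX];
};

/* Failure mode: a length squeezed into one byte wraps silently. */
uint8_t naive_len_byte(size_t n) { return (uint8_t)n; }

/* Sender: put at most 254 bytes in the first packet and return how
 * many bytes remain for a second packet (0 when the blob fits). */
size_t split_first_reply(const uint8_t *blob, size_t n, struct first_reply *out)
{
    size_t head = n > FIRST_PART_MAX ? FIRST_PART_MAX : n;
    out->len = (uint8_t)head;
    memcpy(out->data, blob, head);
    return n - head;
}

/* Receiver: accept a second part only after a full first part, and
 * never write past the destination buffer. Returns 0 or -1. */
int reassemble(const struct first_reply *first, const uint8_t *rest,
               size_t rest_len, uint8_t *dst, size_t cap, size_t *out_len)
{
    if (first->len > FIRST_PART_MAX) return -1;
    if (rest_len > 0 && first->len != FIRST_PART_MAX) return -1;
    if (rest_len > cap || first->len > cap - rest_len) return -1;
    memcpy(dst, first->data, first->len);
    if (rest_len > 0) memcpy(dst + first->len, rest, rest_len);
    *out_len = first->len + rest_len;
    return 0;
}

int main(void)
{
    uint8_t blob[300], out[512];        /* constructed 300-byte sample blob */
    struct first_reply fr;
    size_t n = 0, rest;
    for (size_t i = 0; i < sizeof blob; i++) blob[i] = (uint8_t)(i * 7);
    rest = split_first_reply(blob, sizeof blob, &fr);
    if (reassemble(&fr, blob + fr.len, rest, out, sizeof out, &n) != 0) return 1;
    return memcmp(out, blob, n) != 0;
}
```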