From: Vladislav Vaintroub
Date: May 9 2011 7:37pm
Subject: RE: bzr commit into mysql-5.5 branch (rafal.somla:3477) Bug#11879051
List-Archive: http://lists.mysql.com/commits/136949
Message-Id: <01ef01cc0e80$89b78410$9d268c30$@montyprogram.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Hello Rafal,

> -----Original Message-----
> From: Rafal Somla [mailto:rafal.somla@stripped]
> Sent: Thursday, 28 April 2011 21:40
> To: commits@stripped
> Subject: bzr commit into mysql-5.5 branch (rafal.somla:3477) Bug#11879051
>
> #At file:///D:/source/bzr2/mysql-5.5-wl5367-merge/ based on
> revid:rafal.somla@stripped
>
> 3477 Rafal Somla 2011-04-28
> BUG#11879051: FIRST REPLY LENGTH LIMIT (255) CAN BE VIOLATED
>
> BEFORE: The first packet sent by the client-side plugin (generated by the Windows
> function InitializeSecurityContext()) could be longer than 255 bytes,
> violating the limitation imposed by the authentication protocol.
>
> AFTER: The handshake protocol is changed so that if the client's first reply is
> longer than 254 bytes then it is sent in 2 parts. However, for replies
> shorter than 255 bytes nothing changes.

I think the analysis is not completely correct here.

The way Windows authentication works is as follows:

0) Server sends welcome packet.
1) Client sends client authentication packet that contains the authentication method but without payload.
2) Then server sends UPN to client.
3) Then client puts UPN into InitializeSecurityContext() and sends the resulting blob to server.
(following steps omitted)

The 255 limit would be a limit in step 1). But since the payload is not used in this step, there is also no limit.

Wlad
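The four-step exchange Wlad describes, as an added example that is not part of the original thread and not MySQL's own code. It is a constructed Python model, not the real MySQL wire format: it assumes the client's first authentication reply carries its payload behind a single length byte (which is where a 255-byte ceiling comes from), that the method name is "authentication_windows_client", and that later packets in the plugin dialogue use an ordinary 3-byte length. The UPN and the SSPI blob are constructed inputs standing in for what InitializeSecurityContext() would produce.

```python
"""Constructed model of the handshake discussed in the thread.

Added illustration only; not code from MySQL or from either author. The
packet layouts are simplifications chosen to show one thing: the first
reply's payload sits behind a 1-byte length (the 255 limit), while the
security blob travels later in a packet that has no such cap.
"""
from typing import List, Tuple

# Largest payload that fits behind a single length byte (assumed framing).
MAX_FIRST_REPLY_PAYLOAD = 255


def first_reply_fits(payload: bytes) -> bool:
    """True when `payload` can be carried in the client's first reply at all."""
    return len(payload) <= MAX_FIRST_REPLY_PAYLOAD


def encode_first_reply(method: str, payload: bytes) -> bytes:
    """Step 1: client authentication packet.

    Assumed layout: <1-byte payload length><payload><method name>\\0
    Raises if the payload cannot be expressed in one length byte.
    """
    if not first_reply_fits(payload):
        raise ValueError(
            f"first reply payload is {len(payload)} bytes; the 1-byte length "
            f"field allows at most {MAX_FIRST_REPLY_PAYLOAD}"
        )
    return bytes([len(payload)]) + payload + method.encode("ascii") + b"\0"


def encode_packet(payload: bytes) -> bytes:
    """Later packets (assumed): 3-byte little-endian length, then payload."""
    if len(payload) >= 1 << 24:
        raise ValueError("payload too large for a single packet")
    return len(payload).to_bytes(3, "little") + payload


def windows_auth_handshake(upn: str, sspi_blob: bytes) -> List[Tuple[str, int]]:
    """Run steps 0-3 from the message; return (message, payload length) pairs.

    `upn` and `sspi_blob` are constructed inputs; in the real plugin the blob
    would be whatever InitializeSecurityContext() returns for that UPN.
    """
    transcript: List[Tuple[str, int]] = []

    # 0) Server sends welcome packet (contents do not matter for this model).
    welcome = encode_packet(b"welcome")
    transcript.append(("server->client welcome", int.from_bytes(welcome[:3], "little")))

    # 1) Client names the method but sends no payload: the length byte is 0,
    #    so the 255-byte ceiling on this field is never approached.
    first = encode_first_reply("authentication_windows_client", b"")
    transcript.append(("client->server first reply payload", first[0]))

    # 2) Server sends the UPN to the client.
    upn_pkt = encode_packet(upn.encode("utf-8"))
    transcript.append(("server->client UPN", int.from_bytes(upn_pkt[:3], "little")))

    # 3) Client sends the security blob built from the UPN; this is an
    #    ordinary packet, so a blob longer than 255 bytes is fine here.
    blob_pkt = encode_packet(sspi_blob)
    transcript.append(("client->server sspi blob", int.from_bytes(blob_pkt[:3], "little")))

    return transcript


if __name__ == "__main__":
    # Constructed inputs: a UPN and a 600-byte stand-in for the SSPI blob.
    for step, length in windows_auth_handshake("user@EXAMPLE.COM", b"B" * 600):
        print(f"{step}: {length} bytes")
    # The same 600-byte blob would not fit in the first reply's 1-byte length field.
    print("600-byte blob fits in first reply:", first_reply_fits(b"B" * 600))
```

Running the script prints a transcript in which the step 1 payload length is 0 and the step 3 blob is 600 bytes, while `first_reply_fits` reports that the same blob could not have been carried in step 1. Whether the real plugin ever places the blob in step 1 is exactly the point under dispute in the thread; the model only makes the two framings visible.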