From e6dc623878d8c85b595d963635e15288fa79c4bc Mon Sep 17 00:00:00 2001
From: matthew_swift <matthew_swift@localhost>
Date: Tue, 14 Apr 2009 15:56:11 +0000
Subject: [PATCH] Fix issue 2896: The server should return "Protocol Error" after a bind with a unrecognised version number

---
 opends/src/server/org/opends/server/protocols/ldap/LDAPClientConnection.java |   12 ++++++++++--
 1 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/opends/src/server/org/opends/server/protocols/ldap/LDAPClientConnection.java b/opends/src/server/org/opends/server/protocols/ldap/LDAPClientConnection.java
index 3ee4010..57b27e5 100644
--- a/opends/src/server/org/opends/server/protocols/ldap/LDAPClientConnection.java
+++ b/opends/src/server/org/opends/server/protocols/ldap/LDAPClientConnection.java
@@ -1834,8 +1834,16 @@
       versionString = "3";
       break;
     default:
-      versionString = String.valueOf(ldapVersion);
-      break;
+      // Unsupported protocol version. RFC4511 states that we MUST send
+      // a protocol error back to the client.
+      BindResponseProtocolOp responseOp =
+          new BindResponseProtocolOp(LDAPResultCode.PROTOCOL_ERROR,
+              ERR_LDAP_UNSUPPORTED_PROTOCOL_VERSION.get(ldapVersion));
+      sendLDAPMessage(new LDAPMessage(message.getMessageID(),
+          responseOp));
+      disconnect(DisconnectReason.PROTOCOL_ERROR, false,
+          ERR_LDAP_UNSUPPORTED_PROTOCOL_VERSION.get(ldapVersion));
+      return false;
     }
 
     ByteString bindDN = protocolOp.getDN();
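Review bot: The comment on the new `default:` branch justifies only the protocolError response, yet the branch also calls `disconnect(DisconnectReason.PROTOCOL_ERROR, false, ...)`, which RFC 4511 section 4.2 does not require. I would extend the comment to record that this is deliberate, for example `// RFC 4511 section 4.2 requires only the protocolError response; closing the connection as well is a server choice.` The enclosing method starts and ends outside this hunk, but `return false` appears to leave it before the bind operation is created. It is worth confirming that a bind rejected here still shows up in the access log as a failed bind rather than only as a disconnect, since the version field is client-supplied and arrives before authentication. As a smaller style point, `ERR_LDAP_UNSUPPORTED_PROTOCOL_VERSION.get(ldapVersion)` is built twice; one local passed to both calls would keep the response text and the disconnect text in step.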

--
Gitblit v1.10.0