From 439cb53febc1e044741d701a2e58fdbb570c949c Mon Sep 17 00:00:00 2001
From: matthew_swift <matthew_swift@localhost>
Date: Tue, 14 Apr 2009 15:56:11 +0000
Subject: [PATCH] Fix issue 2896: The server should return "Protocol Error" after a bind with a unrecognised version number
---
opendj-sdk/opends/src/messages/messages/protocol.properties | 4 +++-
opendj-sdk/opends/src/server/org/opends/server/protocols/ldap/LDAPClientConnection.java | 12 ++++++++++--
2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/opendj-sdk/opends/src/messages/messages/protocol.properties b/opendj-sdk/opends/src/messages/messages/protocol.properties
index d625a28..a8ec346 100644
--- a/opendj-sdk/opends/src/messages/messages/protocol.properties
+++ b/opendj-sdk/opends/src/messages/messages/protocol.properties
@@ -20,7 +20,7 @@
#
# CDDL HEADER END
#
-# Copyright 2006-2008 Sun Microsystems, Inc.
+# Copyright 2006-2009 Sun Microsystems, Inc.
@@ -1402,3 +1402,5 @@
SEVERE_ERR_CONNHANDLER_SSL_CANNOT_INITIALIZE_1504=An error occurred \
while attempting to initialize the SSL context for use in the LDAP \
Connection Handler: %s
+MILD_ERR_LDAP_UNSUPPORTED_PROTOCOL_VERSION_1505=The Directory Server does not \
+ support LDAP protocol version %d. This connection will be closed
diff --git a/opendj-sdk/opends/src/server/org/opends/server/protocols/ldap/LDAPClientConnection.java b/opendj-sdk/opends/src/server/org/opends/server/protocols/ldap/LDAPClientConnection.java
index 3ee4010..57b27e5 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/protocols/ldap/LDAPClientConnection.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/protocols/ldap/LDAPClientConnection.java
@@ -1834,8 +1834,16 @@
versionString = "3";
break;
default:
- versionString = String.valueOf(ldapVersion);
- break;
+ // Unsupported protocol version. RFC4511 states that we MUST send
+ // a protocol error back to the client.
+ BindResponseProtocolOp responseOp =
+ new BindResponseProtocolOp(LDAPResultCode.PROTOCOL_ERROR,
+ ERR_LDAP_UNSUPPORTED_PROTOCOL_VERSION.get(ldapVersion));
+ sendLDAPMessage(new LDAPMessage(message.getMessageID(),
+ responseOp));
+ disconnect(DisconnectReason.PROTOCOL_ERROR, false,
+ ERR_LDAP_UNSUPPORTED_PROTOCOL_VERSION.get(ldapVersion));
+ return false;
}
ByteString bindDN = protocolOp.getDN();
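Review bot: In the new `default:` branch the localized message is built twice with `ERR_LDAP_UNSUPPORTED_PROTOCOL_VERSION.get(ldapVersion)`, once for the BindResponse and once for `disconnect(...)`; building it once into a local and passing that local to both calls keeps the two texts from drifting apart. `responseOp` is declared directly under the `default:` label, so its scope is the whole switch, and wrapping the branch in `{ ... }` would confine it. The version number comes from a client that has not yet authenticated, so a one-line comment such as `// ldapVersion is client-supplied; it is only ever rendered numerically (%d)` would record why echoing it in the response is safe. The branch returns before the code that follows the switch (from `protocolOp.getDN()` on), so presumably no bind operation is created for these requests; it is worth confirming that the disconnect message still reaches the access log, so that rejected binds stay visible to operators. The enclosing method starts and ends outside the hunk.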
--
Gitblit v1.10.0