1 files changed, 19 insertions, 2 deletions

diff --git a/source4/libcli/ldap/ldap.c b/source4/libcli/ldap/ldap.c
index b17d5dc461..5b22825da4 100644
--- a/source4/libcli/ldap/ldap.c
+++ b/source4/libcli/ldap/ldap.c
@@ -1066,6 +1066,23 @@ static void ldap_decode_response(TALLOC_CTX *mem_ctx,
 	asn1_end_tag(data);
 }
 
+/* read a octet string blob */
+static BOOL asn1_read_ContextSimple(ASN1_DATA *data, uint8_t num, DATA_BLOB *blob)
+{
+	int len;
+	ZERO_STRUCTP(blob);
+	if (!asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(num))) return False;
+	len = asn1_tag_remaining(data);
+	if (len < 0) {
+		data->has_error = True;
+		return False;
+	}
+	*blob = data_blob(NULL, len);
+	asn1_read(data, blob->data, len);
+	asn1_end_tag(data);
+	return !data->has_error;
+}
+
 static void ldap_decode_BindResponse(TALLOC_CTX *mem_ctx,
 				 ASN1_DATA *data,
 				 enum ldap_request_tag tag,
@@ -1075,9 +1092,9 @@ static void ldap_decode_BindResponse(TALLOC_CTX *mem_ctx,
 	asn1_read_enumerated(data, &BindResp->response.resultcode);
 	asn1_read_OctetString_talloc(mem_ctx, data, &BindResp->response.dn);
 	asn1_read_OctetString_talloc(mem_ctx, data, &BindResp->response.errormessage);
-	if (asn1_peek_tag(data, ASN1_OCTET_STRING)) {
+	if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(7))) {
 		DATA_BLOB tmp_blob = data_blob(NULL, 0);
-		asn1_read_OctetString(data, &tmp_blob);
+		asn1_read_ContextSimple(data, 7, &tmp_blob);
 		BindResp->SASL.secblob = data_blob_talloc(mem_ctx, tmp_blob.data, tmp_blob.length);
 		data_blob_free(&tmp_blob);
 	} else {