Bug ID 458737: non-printable characters are escaped before hexencoding

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1

Fixed In:
11.6.0, 11.5.4 HF2

Opened: Apr 24, 2014
Severity: 3-Major
Related Article:


In non-printable values of AD/LDAP attributes, BIG-IP processing escapes the "|" (pipe) character.


This creates a problem when the value is processed back to its previous value, a process that includes removing the escape characters. In this case, the resulting data does not match the original binary data.


This occurs when there is an AD/LDAP query in use and the query returns binary attributes with the "|" (pipe) character.


Unescape binary attribute values after hexdecode manipulation to match the original value.

Fix Information

When an AD or LDAP query is in use and the query returns binary attributes with the "|" (pipe) character, APM now checks whether the value contains non-printable characters, and if so, hex encodes the value. If the value is printable, APM escapes the "\" and "|" characters (because "|" is used as a separator for multivalue attributes).

Behavior Change