Bug ID 513545: '-decode' option produce incorrect value when it decodes a single value

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5

Fixed In:
12.0.0, 11.6.0 HF6

Opened: Mar 20, 2015

Severity: 3-Major

Symptoms

When a session variable set by AD/LDAP module is HEX-encoded, it is possible to decode it with the -decode option for the mcget command. The option works correctly when the session variable contains multiple values (such as | 0xABCD | 0xDCBA |), but it does not work properly with a single encoded value (such as0xABCD).

Impact

As a result, the access policy does not follow the expected branch rule.

Conditions

The problem occurs under these conditions: the -decode option is specified when retrieving a HEX-encoded variable, and the session variable contains only one value/

Workaround

While decoding a single value, the mcget command produces a result like EncodedValueDecodedValue. For example, for encoded string 0x616161, the result of the operation will be 616161aaa. It is possible to write a Tcl expression in the Variable Assign agent that truncates the left half of the string and leaves aaa, the decoded value only.

Fix Information

The -decode option works as expected for single-value and multi-value session variables.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips