[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#3233)



> Full_Name: Yoel Jacobsen
> Version: 2.2.13,2.2.14
> OS: Fedora Core 1, Solaris 9
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (82.166.103.48)
>
>
> It seems the ldap_explode_dn now crash if a DN component includes more
than one
> instance of the '=' character.
>
> For instance: cn=uid=yoel_o=org,o=org.
>
> In 2.2.6 ldap_explode_dn return for the above DN the following array:
['cn=uid=yoel_o=org', 'o=org]
>
> In recent versions (verified with 2.2.13 and 2.2.14) it just breaks.

It is unclear what you mean by "crash" or "explode" in terms of computer
science.  Your simple test program crashes because it doesn't test the
value returned by ldap_explode_dn() before dereferencing it.
Since ldap_explode_dn()'s API is poorly designed (in fact, it's
currently deprecated), it doesn't give any hint about why the DN
"explosion" failed, and simply returns NULL if any error occurred.

Current OpenLDAP code treats the use of unescaped EQUALS ('=') in the
string representation of a DN as an error.
RFC2253 is ambiguous on the subject, and draft-ietf-ldapbis-dn clarifies
this point by making it legal.  Future versions of OpenLDAP software will
implement this (HEAD already does), but right now it's not.

See ITS#3229 for further clarification and for a possible fix, if you need
it.

p.

>
> Test program below (run with a DN to explode as the argument
> =============================================================
> #include <stdio.h>
> #include <ldap.h>
>
> int main(int argc, char **argv)
> {
> 	char	**result;
> 	int	i;
>
> 	if (argc != 2){
> 		printf("Usage: %s DN\n", argv[0]);
> 		exit(1);
> 	}
>
> 	result = ldap_explode_dn(argv[1], 0);
>
> 	i = 0;
>
> 	printf("[");
> 	while(result[i] != NULL){
> 		printf("%s, ", result[i]);
> 		i++;
> 	}
>
> 	printf("\b\b]\n");
>
> }
>


-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497