[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4648) ldap_pvt_put_filter() succeeds on certain incorrect ldap filters



At 02:37 PM 8/23/2006, john.bowers@quest.com wrote:
>Full_Name: John Bowers
>Version: 2.3.27
>OS: Suse Linux 9.1
>URL: ftp://ftp.openldap.org/incoming/john-bowers-06-08-23.patch

The patch is not yet available at this URL.  Though a copy is
provided in the body of the report, such copies cannot be used
with common developer tools (like patch) as they are generally
mangled.

I noticed that you included a "notice of origin" but did not
include a "rights statement".  Please provide both when
uploading the patch to the location specified above.

-- Kurt


>Submission from: (NULL) (192.41.88.6)
>
>
>The ldap_search code uses ldap_pvt_put_filter() to add the search filter to the
>search request.  Certain (if I am not enirely mistaken) invalid search filters
>are successfully added by the ldap_pvt_put_filter() code.  An example of this
>type of search filter follows:
>
>"(objectclass=group)(cn=test)"
>
>This sort of concatenation of search filters is always "successfully" processed
>by ldap_pvt_put_filter().  If ldap_pvt_put_filter() failed (as it easily could)
>then a more accurate error message would be delivered, and a error could be
>determined without causing network traffic.
>
>I have prepared a small patch, I have attempted to upload the patch to your ftp
>server, but it does not appear to be accepting working properly right now. 
>Because of this (and the fact that patch is rather small) I will include the
>patch text in this bug report.
>
>Essentially the patch just keeps track of the number of complex and simple
>filters that are added.  If there is more than 1 filter (any combination of
>complex or simple filters), ldap_pvt_put_filter() will fail appropriately.
>patch below
>------
>/* This patch file is derived from OpenLDAP Software.
> * All of the modifications to OpenLDAP Software represented
> * in the following patch(es) were developed by John Bowers
> * John.Bowers@quest.com. These modifications are not
> * subject to any license of Quest software. */
>--- openldap-2.3.27/libraries/libldap/filter.c  2006-01-03 15:16:08.000000000
>-0700
>+++ openldap-2.3.27_patch/libraries/libldap/filter.c    2006-08-23
>14:17:13.326437600 -0600
>@@ -331,7 +331,7 @@
>        char    *freeme;
>        char    *str;
>        char    *next;
>-       int     parens, balance, escape;
>+       int     parens, balance, escape, simple, complex;
>
>        /*
>         * A Filter looks like this:
>@@ -373,6 +373,8 @@
>        str = freeme;
>
>        parens = 0;
>+       simple = 0;
>+       complex = 0;
>        while ( *str ) {
>                switch ( *str ) {
>                case '(': /*')'*/
>@@ -392,6 +394,8 @@
>                                if( str == NULL ) {
>                                        rc = -1;
>                                        goto done;
>+                               } else {
>+                                       complex++;
>                                }
>
>                                parens--;
>@@ -406,6 +410,8 @@
>                                if( str == NULL ) {
>                                        rc = -1;
>                                        goto done;
>+                               } else {
>+                                       complex++;
>                                }
>
>                                parens--;
>@@ -420,6 +426,8 @@
>                                if( str == NULL ) {
>                                        rc = -1;
>                                        goto done;
>+                               } else {
>+                                       complex++;
>                                }
>
>                                parens--;
>@@ -461,6 +469,8 @@
>                                if ( put_simple_filter( ber, str ) == -1 ) {
>                                        rc = -1;
>                                        goto done;
>+                               } else {
>+                                       simple++;
>                                }
>
>                                *next++ = /*'('*/ ')';
>@@ -493,13 +503,15 @@
>                        if ( put_simple_filter( ber, str ) == -1 ) {
>                                rc = -1;
>                                goto done;
>+                       } else {
>+                               simple++;
>                        }
>                        str = next;
>                        break;
>                }
>        }
>
>-       rc = parens ? -1 : 0;
>+       rc = ( parens || ( simple + complex > 1 ) ) ? -1 : 0;
>
> done:
>        LDAP_FREE( freeme );