[389-devel] Please review: [Bug 199923] subtree search fails to find items under a db containing special characters

Noriko Hosoi nhosoi at redhat.com
Mon Mar 8 20:34:01 UTC 2010 

Subject: subtree search fails to find items under a db containing 
special characters

https://bugzilla.redhat.com/show_bug.cgi?id=199923

This bug had been reopened due to the regression.

[Proposed Fix]
https://bugzilla.redhat.com/attachment.cgi?id=398612&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=398612&action=edit

Files:
   ldap/servers/plugins/syntaxes/validate.c
   ldap/servers/slapd/dn.c

Problem Description:
A simple failed case observed before applying the patch:
$ /usr/lib64/mozldap/ldapmodify -p 10389 -D 'cn=directory manager' -w pw<<  EOF
dn: ou=\#\<,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: \#\<
EOF
ldap_add: Invalid DN syntax
ldap_add: additional info: DN value invalid per syntax

Fix Description:
dn.c: Based upon RFC 4514, '#', '+', ';', '<','>', and '=' need to be escaped
in addition to '\\' and '"' if it appears in the DN string.
validate.c: Using the above example, if an escaped character (\<) followed by
an escaped character (\#), the pointer was moved twice skipping '\' before '<'
and it makes the validation fail.

======================================================
Breakpoint 2, rdn_validate (
     begin=0x7fd090001ed0 "ou=\\#\\<,dc=example,dc=com",
     end=0x7fd090001ee8 "m", last=0x7fd0a9bedac0)
     at ldap/servers/plugins/syntaxes/validate.c:430
430        int rc = 0; /* Assume RDN is valid */
(gdb) p p
$35 = 0x7fd090001ed3 "\\#\\<,dc=example,dc=com"
(gdb) p end
$36 = 0x7fd090001ee8 "m"
(gdb) p *p
$37 = 92 '\\'
(gdb) n
472        if (numericform) {
(gdb) n
498            if (IS_UTF1(*p)&&  !IS_ESC(*p)&&  !IS_LUTF1(*p)) {
(gdb) n
507            if (numericform) {
(gdb) n
517                if (IS_UTF1(*p)) {
(gdb) n
520                    if ((p == end)&&  !IS_TUTF1(*p)) {
(gdb) n
524                    } else if (IS_ESC(*p)) {
(gdb) n
528                        p++;<== *p is '#'
(gdb) n
529                        if (!IS_ESC(*p)&&  !IS_SPECIAL(*p)) {
(gdb) n
538                        p++;<== move the pointer to the next char '\\'
(gdb) p *p
$40 = 92 '\\'
(gdb) n
545                    p++;<== another move to '<', which needs to be escaped
(gdb) n
517                if (IS_UTF1(*p)) {
(gdb) n
520                    if ((p == end)&&  !IS_TUTF1(*p)) {
(gdb) n
524                    } else if (IS_ESC(*p)) {
(gdb) n
540                    } else if (!IS_SUTF1(*p)) {
(gdb) n
541                        rc = 1;<== failed.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6646 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-devel/attachments/20100308/ba0e71b5/attachment.bin

More information about the 389-devel mailing list