Univention Bugzilla – Bug 28646
Listener interprets faulty LDAP Filter in listener modules as matching always
Last modified: 2024-02-22 12:02:52 CET
Die an Bug #28645 beobachtete Interpretation der LDAP-Filter in den Listener-Modulen könnte an den folgenden Zeilen in univention-directory-listener/src/filter.c liegen: ============================================================================ static int __cache_entry_ldap_filter_match(char* filter, int first, int last, CacheEntry *entry) { /* sanity check */ if (filter[first] != '(' || filter[last] != ')') return -1; ============================================================================ und ============================================================================ int cache_entry_ldap_filter_match(struct filter **filter, char *dn, CacheEntry *entry) { /*...*/ if (__cache_entry_ldap_filter_match((*f)->filter, 0, len-1, entry)) return 1; ============================================================================ Insgesamt sorgt das dafür, dass bei fehlschlagendem sanity check der Filter als gültig angesehen wird. Hier wäre zumindest eine zusätzliche Fehlermeldung sinnvoll. +++ This bug was initially created as a clone of Bug #28645 +++
This issue has been filed against UCS 4.2. UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.
I thought this is unrelevant but I saw Bug #28645 and see it's still relevant and broken in-use.
Happened again with Bug #52405
Happened again with an implementation by professional service. This is really easy to miss during testing and should really be fixed.