Bug 28646 – Listener interprets faulty LDAP Filter in listener modules as matching always

Bug 28646 - Listener interprets faulty LDAP Filter in listener modules as matching always


Summary:	Listener interprets faulty LDAP Filter in listener modules as matching always

Status:	REOPENED

Product:	UCS
Classification:	Unclassified
Component:	Listener (univention-directory-listener)
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal with 1 vote (vote)
Target Milestone:	---
Assigned To:	UCS maintainers
QA Contact:

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2012-09-25 19:39 CEST by Arvid Requate
Modified:	2024-02-22 12:02 CET (History)
CC List:	4 users (show)

See Also:	28645 34276 48196 52405 37170
What kind of report is it?:	Bug Report
What type of bug is this?:	3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.069
Enterprise Customer affected?:
School Customer affected?:	Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2023071921000414
Bug group (optional):	Error handling
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2012-09-25 19:39:22 CEST

Die an Bug #28645 beobachtete Interpretation der LDAP-Filter in den Listener-Modulen könnte an den folgenden Zeilen in univention-directory-listener/src/filter.c liegen:

============================================================================
static int __cache_entry_ldap_filter_match(char* filter, int first, int last, CacheEntry *entry)
{
        /* sanity check */
        if (filter[first] != '(' || filter[last] != ')')
                return -1;
============================================================================

und

============================================================================
int cache_entry_ldap_filter_match(struct filter **filter, char *dn, CacheEntry *entry)
{
    /*...*/
    if (__cache_entry_ldap_filter_match((*f)->filter, 0, len-1, entry))
                        return 1;
============================================================================

Insgesamt sorgt das dafür, dass bei fehlschlagendem sanity check der Filter als gültig angesehen wird. Hier wäre zumindest eine zusätzliche Fehlermeldung sinnvoll.




+++ This bug was initially created as a clone of Bug #28645 +++

Comment 1 Ingo Steuwer

2020-07-03 20:51:52 CEST

This issue has been filed against UCS 4.2.

UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.

Comment 2 Florian Best

2020-07-14 13:50:14 CEST

I thought this is unrelevant but I saw Bug #28645 and see it's still relevant and broken in-use.

Comment 3 Philipp Hahn

2020-11-21 07:48:20 CET

Happened again with Bug #52405

Comment 4 Julia Bremer

2023-08-22 21:41:27 CEST

Happened again with an implementation by professional service.
This is really easy to miss during testing and should really be fixed.