Bug 28646 - Listener interpretiert fehlerhafte LDAP Filter in Listener-Modulen als immer zutreffend.
Listener interpretiert fehlerhafte LDAP Filter in Listener-Modulen als immer ...
Status: NEW
Product: UCS
Classification: Unclassified
Component: Listener (univention-directory-listener)
UCS 4.2
Other Linux
: P5 normal with 2 votes (vote)
: ---
Assigned To: UCS maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-09-25 19:39 CEST by Arvid Requate
Modified: 2018-11-26 14:53 CET (History)
2 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.069
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2012-09-25 19:39:22 CEST
Die an Bug #28645 beobachtete Interpretation der LDAP-Filter in den Listener-Modulen könnte an den folgenden Zeilen in univention-directory-listener/src/filter.c liegen:

============================================================================
static int __cache_entry_ldap_filter_match(char* filter, int first, int last, CacheEntry *entry)
{
        /* sanity check */
        if (filter[first] != '(' || filter[last] != ')')
                return -1;
============================================================================

und

============================================================================
int cache_entry_ldap_filter_match(struct filter **filter, char *dn, CacheEntry *entry)
{
    /*...*/
    if (__cache_entry_ldap_filter_match((*f)->filter, 0, len-1, entry))
                        return 1;
============================================================================

Insgesamt sorgt das dafür, dass bei fehlschlagendem sanity check der Filter als gültig angesehen wird. Hier wäre zumindest eine zusätzliche Fehlermeldung sinnvoll.




+++ This bug was initially created as a clone of Bug #28645 +++