Bug 53820 - Searching for settings/data data=* binary property raises UnicodeDecodeError
Status: NEW
Product: UCS
Classification: Unclassified
Component: UDM (Generic)
Version: UCS 5.0
Hardware: Other Linux
Importance: P5 normal
Assigned To: UMC maintainers
Reported: 2021-09-21 17:41 CEST by Florian Best
Modified: 2021-09-21 18:03 CEST (History)
What kind of report is it?: Development Internal
Bug group (optional): Error handling
Description Florian Best univentionstaff 2021-09-21 17:41:24 CEST
udm settings/data list --position ou=kenqyu3pzu,l=school,l=dev --filter=data=QlpoOTFBWSZTWb+txX8AAAAJgAxAGBAEgCAAMQwIIDNIHa4wni7kinChIX9biv4=
udm settings/ldapacl list --position ou=kenqyu3pzu,l=school,l=dev --filter=data=QlpoOTFBWSZTWb+txX8AAAAJgAxAGBAEgCAAMQwIIDNIHa4wni7kinChIX9biv4=
udm settings/ldapschema list --position ou=kenqyu3pzu,l=school,l=dev --filter=data=QlpoOTFBWSZTWb+txX8AAAAJgAxAGBAEgCAAMQwIIDNIHa4wni7kinChIX9biv4=
udm settings/udm_hook list --position ou=kenqyu3pzu,l=school,l=dev --filter=data=QlpoOTFBWSZTWb+txX8AAAAJgAxAGBAEgCAAMQwIIDNIHa4wni7kinChIX9biv4=
udm settings/udm_module list --position ou=kenqyu3pzu,l=school,l=dev --filter=data=QlpoOTFBWSZTWb+txX8AAAAJgAxAGBAEgCAAMQwIIDNIHa4wni7kinChIX9biv4=
udm settings/udm_syntax list --position ou=kenqyu3pzu,l=school,l=dev --filter=data=QlpoOTFBWSZTWb+txX8AAAAJgAxAGBAEgCAAMQwIIDNIHa4wni7kinChIX9biv4=

raises:

Traceback (most recent call last):
  File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 213, in doit
    output = univention.admincli.admin.doit(arglist)
  File "/usr/lib/python3/dist-packages/univention/admincli/admin.py", line 380, in doit
    out = _doit(arglist)
  File "/usr/lib/python3/dist-packages/univention/admincli/admin.py", line 657, in _doit
    out.extend(cli.list(list_policies, filter, superordinate_dn, policyOptions, policies_with_DN))
  File "/usr/lib/python3/dist-packages/univention/admincli/admin.py", line 689, in list
    return self._list(self.module_name, self.module, self.dn, self.lo, self.position, self.superordinate, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/univention/admincli/admin.py", line 951, in _list
    for object in univention.admin.modules.lookup(module, None, lo, scope='sub', superordinate=superordinate, base=position.getDn(), filter=filter):
  File "/usr/lib/python3/dist-packages/univention/admin/modules.py", line 953, in lookup
    tmpres = module.lookup(co, lo, filter, base=base, superordinate=superordinate, scope=scope, unique=unique, required=required, timeout=timeout, sizelimit=sizelimit)
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1773, in lookup
    filter_s = cls.lookup_filter(filter_s, lo)
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1804, in lookup_filter
    filter_p.append_unmapped_filter_string(filter_s, cls.rewrite_filter, module.mapping)
  File "/usr/lib/python3/dist-packages/univention/admin/filter.py", line 124, in append_unmapped_filter_string
    walk(filter_p, rewrite_function, arg=mapping)
  File "/usr/lib/python3/dist-packages/univention/admin/filter.py", line 313, in walk
    expression_walk_function(filter_p, arg)
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1867, in rewrite_filter
    filter.value = mapping.mapValueDecoded(key, filter.value)
  File "/usr/lib/python3/dist-packages/univention/admin/mapping.py", line 564, in mapValueDecoded
    value = value.decode(*self.getEncoding(map_name))
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xbf in position 10: invalid start byte

The LDAP attributes univentionData, univentionLDAPACLData, univentionLDAPSchemaData, univentionUDMHookData, univentionUDMModuleData, univentionUDMSyntaxData are defined with SYNTAX=1.3.6.1.4.1.1466.115.121.1.5 - Binary syntax and without an EQUALITY matching rule. Therefore a search will never yield any results.
And even if, afaik an LDAP search filter can only contain UTF-8 characters.

So:
1. we should set `dontsearch=True` in the property description.
2. we should prevent that exception (by raising an invalid filter exception?).
3. we should specify an encoding in the mapping: ASCII (because of base64) for the property, nothing/ISO8859-1/etc. for the LDAP attribute.
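
The failure in the traceback can be reproduced outside UDM. The following is an added example, not code from the report or from UCS: it decodes the filter value from the commands above and shows why the UTF-8 decode stops at position 10. `map_value`, `map_value_decoded`, `describe_failure` and `InvalidFilterValue` are hypothetical stand-ins, and the base64 mapping of the property is an assumption (it is consistent with the byte and position reported in the traceback).

```python
import base64

# Filter value copied from the udm commands in the report.
FILTER_VALUE = "QlpoOTFBWSZTWb+txX8AAAAJgAxAGBAEgCAAMQwIIDNIHa4wni7kinChIX9biv4="


class InvalidFilterValue(ValueError):
    """Hypothetical stand-in for an 'invalid syntax' error shown to the user."""


def map_value(prop_value):
    """Assumed property -> LDAP mapping: base64 text to raw bytes."""
    return base64.b64decode(prop_value, validate=True)


def describe_failure(prop_value, encoding="utf-8"):
    """Return (magic, position, byte) for the first undecodable byte, else None."""
    raw = map_value(prop_value)
    try:
        raw.decode(encoding)
    except UnicodeDecodeError as exc:
        return raw[:3], exc.start, raw[exc.start]
    return None


def map_value_decoded(map_name, prop_value, encoding=("UTF-8", "strict")):
    """Decode mapped bytes for a filter; turn bad bytes into a clean error."""
    raw = map_value(prop_value)
    try:
        return raw.decode(*encoding)
    except UnicodeDecodeError as exc:
        # Keep the original error chained so the byte offset stays in logs.
        raise InvalidFilterValue(
            "Invalid encoding for %s: byte 0x%02x at position %d"
            % (map_name, raw[exc.start], exc.start)
        ) from exc


if __name__ == "__main__":
    # The payload is a bzip2 stream ("BZh" magic), so it is not text at all.
    print(describe_failure(FILTER_VALUE))
    try:
        map_value_decoded("data", FILTER_VALUE)
    except InvalidFilterValue as err:
        print("rejected:", err)
```
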
Comment 1 Florian Best univentionstaff 2021-09-21 18:03:55 CEST
Maybe it makes sense to raise this exception, equivalent to (un)mapValue()?

diff --git management/univention-directory-manager-modules/modules/univention/admin/mapping.py management/univention-directory-manager-modules/modules/univention/admin/mapping.py
index 3c575728a7..83c05d8714 100644
--- management/univention-directory-manager-modules/modules/univention/admin/mapping.py
+++ management/univention-directory-manager-modules/modules/univention/admin/mapping.py
@@ -557,11 +557,14 @@ class mapping(object):
 
        def mapValueDecoded(self, map_name, value):
                value = self.mapValue(map_name, value)
-               if isinstance(value, (list, tuple)):
-                       ud.debug(ud.ADMIN, ud.WARN, 'mapValueDecoded returns a list for %s. This is probably not wanted?' % map_name)
-                       value = [val.decode(*self.getEncoding(map_name)) for val in value]
-               else:
-                       value = value.decode(*self.getEncoding(map_name))
+               try:
+                       if isinstance(value, (list, tuple)):
+                               ud.debug(ud.ADMIN, ud.WARN, 'mapValueDecoded returns a list for %s. This is probably not wanted?' % map_name)
+                               value = [val.decode(*self.getEncoding(map_name)) for val in value]
+                       else:
+                               value = value.decode(*self.getEncoding(map_name))
+               except UnicodeDecodeError:
+                       raise univention.admin.uexceptions.valueInvalidSyntax(_('Invalid encoding for %s') % (map_name,))
                return value
 
        def unmapValue(self, unmap_name, value):
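
Review bot: the new `except UnicodeDecodeError:` branch at the end of mapValueDecoded uses `univention.admin.uexceptions` and `_`, and nothing in this hunk shows either being imported in mapping.py; please confirm both are in scope, otherwise the handler itself fails with a NameError or AttributeError on exactly the input it is meant to catch. The `try` also wraps the `ud.debug(...)` warning and the `getEncoding()` lookup, so it would be tighter to put only the two `.decode(...)` calls inside it. The message 'Invalid encoding for %s' names the property but not the expected encoding or the offending position; including those would make the error actionable for someone typing a filter on the command line. This change covers only item 2 of the description: the `dontsearch=True` setting and the explicit encoding in the mapping are not touched here, so a search on these properties will now fail cleanly rather than return results. A test that runs a list with a `data=` filter against one of the affected modules and asserts valueInvalidSyntax would pin the behaviour.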