Bug 49930

Summary: Openldap syntax evaluation of attribute preferredDeliveryMethod broken
Product: UCS Reporter: Julia Bremer <bremer>
Component: LDAP Assignee: Julia Bremer <bremer>
Status: CLOSED FIXED QA Contact: Arvid Requate <requate>
Severity: enhancement    
Priority: P5 CC: best, bremer, mathieu.simon
Version: UCS 4.4   
Target Milestone: UCS 4.4-1-errata   
Hardware: Other   
OS: Linux   
URL: https://bugs.openldap.org/show_bug.cgi?id=9067
What kind of report is it?: Bug Report What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 1: Will affect a very few installed domains How will those affected feel about the bug?: 1: Nuisance – not a big deal but noticeable
User Pain: 0.017 Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:
Attachments: syntax patch
patch for DeliveryMethodValidate

Description Julia Bremer univentionstaff 2019-07-29 11:24:23 CEST
Created attachment 10136
syntax patch

The attribute preferredDeliveryMethod is an ordered set of values, which are separated by "$" symbols.

The syntax is described here:
https://tools.ietf.org/html/rfc4517#page-8

Every set of values returns a syntax error, even if the syntax is correct according to the syntax description.
This is due to an error in servers/slapd/schema_init.c deliveryMethodValidate.
Comment 1 Julia Bremer univentionstaff 2019-07-29 17:24:03 CEST
Created attachment 10137
patch for DeliveryMethodValidate
Comment 2 Julia Bremer univentionstaff 2019-07-29 17:25:06 CEST
Successful build
Package: openldap
Version: 2.4.45+dfsg-1~bpo9+1A~4.4.0.201907291444
Branch: ucs_4.4-0
Scope: errata4.4-1

Build with attached patch
Comment 3 Florian Best univentionstaff 2019-07-29 17:32:01 CEST
Can you give some more information in this bug report?
* Did you write that patch yourself or is it part of e.g. a newer debian release, openldap, etc.?
* Is there an upstream bug report?
Comment 4 Julia Bremer univentionstaff 2019-07-29 18:39:57 CEST
* I created this patch
* There is no upstream bug report yet, but I am planning on creating one.

Further details:
The syntax of preferredDeliveryMethod is a list of specified strings, separated by ' $ '.

If only one value is set, e.g. "physical", the syntax check works and returns valid.
As soon as one specifies more, e.g. "telephone $ videotex"
(which should work since this is an official example for the syntax),

ldap_modify: Invalid syntax (21)
	additional info: preferredDeliveryMethod: value #0 invalid per syntax

is returned.

This is due to a trivial error in the function deliveryMethodValidate, which 
causes the syntax check to analyse the string backwards after the first space character.
The attached patch fixes this.
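
The grammar this report refers to (RFC 4517: `DeliveryMethod = pdm *( WSP DOLLAR WSP pdm )`, with `WSP` meaning zero or more spaces) can be checked with a single forward pass. The following is an added, stand-alone example, not the OpenLDAP `deliveryMethodValidate` code and not the attached patch; the function names `is_pdm` and `delivery_method_valid` are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* pdm keywords from RFC 4517, section 3.3.5 */
static const char *const PDM[] = {
    "any", "mhs", "physical", "telex", "teletex",
    "g3fax", "g4fax", "ia5", "videotex", "telephone"
};

/* 1 if the n bytes at s are exactly one pdm keyword (ABNF literals are
 * case-insensitive), else 0. */
static int is_pdm(const char *s, size_t n)
{
    for (size_t k = 0; k < sizeof PDM / sizeof PDM[0]; k++) {
        size_t i = 0;
        if (strlen(PDM[k]) != n)
            continue;
        while (i < n && tolower((unsigned char)s[i]) == PDM[k][i])
            i++;
        if (i == n)
            return 1;
    }
    return 0;
}

/* Hypothetical helper: 1 if val[0..len) matches
 * DeliveryMethod = pdm *( WSP DOLLAR WSP pdm ), else 0.
 * Takes an explicit length so an embedded NUL cannot end the check early. */
int delivery_method_valid(const char *val, size_t len)
{
    size_t i = 0;
    for (;;) {
        size_t start = i;
        while (i < len && val[i] != ' ' && val[i] != '$')
            i++;                          /* scan one token, left to right */
        if (!is_pdm(val + start, i - start))
            return 0;                     /* empty or unknown keyword */
        if (i == len)
            return 1;                     /* value ends right after a pdm */
        while (i < len && val[i] == ' ')
            i++;                          /* WSP = zero or more spaces */
        if (i == len || val[i] != '$')
            return 0;                     /* trailing space or missing '$' */
        i++;
        while (i < len && val[i] == ' ')
            i++;                          /* WSP before the next pdm */
    }
}
```

A regression test for a validator of this syntax should cover both the single-value case and the multi-value RFC example, since only the latter failed here.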
Comment 5 Florian Best univentionstaff 2019-07-30 08:54:36 CEST
Cool, thanks!
Comment 6 Arvid Requate univentionstaff 2019-08-05 21:25:05 CEST
Verified:
* Package cherry picked from errata4.3-1 to errata4.4-1
* Patches merged from 4.3-0-0-ucs/2.4.45+dfsg-1~bpo9+1-errata4.3-1
* New patch Ok: 99_preferredDeliveryMethod_syntax.patch
* Patch applied during build
  (documented in /usr/share/doc/slapd/changelog.Debian.gz)
* Functional test with example from RFC: Ok
* Advisory: Ok
Comment 7 Erik Damrose univentionstaff 2019-08-07 15:44:35 CEST
<http://errata.software-univention.de/ucs/4.4/208.html>
Comment 8 Mathieu Simon 2019-08-08 14:34:14 CEST
Hi Julia

Thanks for that fix. When you have proposed the patch upstream, could you reference the OpenLDAP ITS issue number here?

This would allow cross-referencing the bug between up- and downstream.

Regards
Mathieu