Univention Bugzilla – Bug 41111
allocators doesn't escape values in LDAP filter
Last modified: 2018-04-13 13:29:52 CEST
Created attachment 7616: patch

The allocator.py doesn't escape values in LDAP filters. E.g. modifying a user's mailPrimaryAddress to include special characters causes LDAP filter injection:

    LDAP-Fehler Bad search filter: mailPrimaryAddress=tim2)@school.local

Or:

    udm groups/group create --set name=foo --set mailAddress='foo(bar@school.local'
    The mail address is already in use.

Attached is a patch which fixes it.

+++ This bug was initially created as a clone of Bug #28662 +++

When trying to reserve an attribute via a UDM allocator with a value that contains parentheses, a traceback is thrown because the resulting search filter is not valid.

    [...]
      File "/usr/lib/python2.4/site-packages/univention/admin/handlers/my/module.py", line 168, in _ldap_addlist
        univention.admin.allocators.request(self.lo, self.position, ldapattr, value = self[propertyname])
      File "/usr/lib/python2.4/site-packages/univention/admin/allocators.py", line 167, in request
        return acquireUnique(lo, position, type, value, _type2attr[type], scope = _type2scope[type])
      File "/usr/lib/python2.4/site-packages/univention/admin/allocators.py", line 157, in acquireUnique
        if not lo.searchDn(base=searchBase, filter='%s=%s' % (attr, value)):
      File "/usr/lib/python2.4/site-packages/univention/admin/uldap.py", line 331, in searchDn
        raise univention.admin.uexceptions.ldapError, _err2str(msg)
    univention.admin.uexceptions.ldapError: Bad search filter

Noticed in UCS 2.4, but it affects all versions. There are more places in the allocator that are also affected. Please fix them as well. The value should be escaped beforehand with ldap.filter.escape_filter_chars().
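The escaping the report asks for, as an added example (not the attached patch and not Univention's code): it contrasts the '%s=%s' interpolation seen in the traceback with the same filter built through ldap.filter.escape_filter_chars(), falling back to an equivalent RFC 4515 escaper when python-ldap is not installed. The helper names unsafe_filter, safe_filter, raw_metachars and audit are hypothetical, and the sample values beyond the two quoted in the report are constructed.

```python
import re

try:
    from ldap.filter import escape_filter_chars  # python-ldap, named in the report
except ImportError:
    def escape_filter_chars(value):
        """Fallback (assumption): same RFC 4515 escaping for \\ * ( ) and NUL."""
        value = value.replace("\\", r"\5c")  # backslash first, or escapes get re-escaped
        for ch, esc in (("*", r"\2a"), ("(", r"\28"), (")", r"\29"), ("\x00", r"\00")):
            value = value.replace(ch, esc)
        return value


def unsafe_filter(attr, value):
    # Pattern from the traceback: the value is interpolated verbatim.
    return "%s=%s" % (attr, value)


def safe_filter(attr, value):
    # Same filter, with the assertion value escaped before interpolation.
    return "%s=%s" % (attr, escape_filter_chars(value))


_HEX_ESCAPE = re.compile(r"\\[0-9a-fA-F]{2}")


def raw_metachars(filter_str):
    """Return the filter metacharacters left unescaped in the assertion value."""
    value = filter_str.split("=", 1)[1]
    stripped = _HEX_ESCAPE.sub("", value)  # drop valid \XX escapes
    return [ch for ch in stripped if ch in "\\*()\x00"]


# The first two values are quoted in the report; the last two are constructed.
SAMPLES = ["tim2)@school.local", "foo(bar@school.local", "*", "a\\b"]


def audit(attr="mailPrimaryAddress"):
    """For each sample: (value, metachars leaked by unsafe_filter, safe filter)."""
    return [(v, raw_metachars(unsafe_filter(attr, v)), safe_filter(attr, v))
            for v in SAMPLES]


if __name__ == "__main__":
    for value, leaked, safe in audit():
        print("%-24r leaked=%-8r safe=%s" % (value, leaked, safe))
```

A raw parenthesis makes the filter unparsable, while a raw `*` still parses and turns an equality test into a presence match, so a uniqueness check built this way can answer for the wrong set of entries.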
*** This bug has been marked as a duplicate of bug 40129 ***
<http://errata.software-univention.de/ucs/4.1/207.html> <http://errata.software-univention.de/ucs/4.1/208.html>