diff options
| author | Rich Megginson <rmeggins@redhat.com> | 2010-04-07 10:16:22 -0600 |
|---|---|---|
| committer | Rich Megginson <rmeggins@redhat.com> | 2010-04-07 11:01:56 -0600 |
| commit | b433e4c852a2ef78558dffc1ccbaf464c1186934 (patch) | |
| tree | f4c5793573441cafbbb513b7621b03fd6fffa9d1 | |
| parent | 0c9d4590489066d2f8dc945c9749c429972e78a9 (diff) | |
| download | ds-b433e4c852a2ef78558dffc1ccbaf464c1186934.tar.gz ds-b433e4c852a2ef78558dffc1ccbaf464c1186934.tar.xz ds-b433e4c852a2ef78558dffc1ccbaf464c1186934.zip | |
Bug 572162 - the string "|*" within a search filter on a non-indexed attribute returns all elements.
https://bugzilla.redhat.com/show_bug.cgi?id=572162
Resolves: bug 572162
Bug Description: the string "|*" within a search filter on a non-indexed attribute returns all elements.
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: PCRE interprets the '|' character as the start of
alternative branch. In the search filter, the other side of the '|' is
empty, which means match everything. The solution is to escape this and
other PCRE special chars before matching.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
| -rw-r--r-- | ldap/servers/plugins/syntaxes/string.c | 6 | ||||
| -rw-r--r-- | ldap/servers/slapd/filterentry.c | 6 | ||||
| -rw-r--r-- | ldap/servers/slapd/proto-slap.h | 2 |
3 files changed, 9 insertions, 5 deletions
diff --git a/ldap/servers/plugins/syntaxes/string.c b/ldap/servers/plugins/syntaxes/string.c index dd44a808..9b338335 100644 --- a/ldap/servers/plugins/syntaxes/string.c +++ b/ldap/servers/plugins/syntaxes/string.c @@ -262,7 +262,7 @@ string_filter_sub( Slapi_PBlock *pb, char *initial, char **any, char *final, if ( initial != NULL ) { value_normalize( initial, syntax, 1 /* trim leading blanks */ ); *p++ = '^'; - filter_strcpy_special_ext( p, initial, FILTER_STRCPY_ESCAPE_PARENS ); + filter_strcpy_special_ext( p, initial, FILTER_STRCPY_ESCAPE_RECHARS ); p = strchr( p, '\0' ); } if ( any != NULL ) { @@ -271,7 +271,7 @@ string_filter_sub( Slapi_PBlock *pb, char *initial, char **any, char *final, /* ".*" + value */ *p++ = '.'; *p++ = '*'; - filter_strcpy_special_ext( p, any[i], FILTER_STRCPY_ESCAPE_PARENS ); + filter_strcpy_special_ext( p, any[i], FILTER_STRCPY_ESCAPE_RECHARS ); p = strchr( p, '\0' ); } } @@ -280,7 +280,7 @@ string_filter_sub( Slapi_PBlock *pb, char *initial, char **any, char *final, /* ".*" + value */ *p++ = '.'; *p++ = '*'; - filter_strcpy_special_ext( p, final, FILTER_STRCPY_ESCAPE_PARENS ); + filter_strcpy_special_ext( p, final, FILTER_STRCPY_ESCAPE_RECHARS ); strcat( p, "$" ); } diff --git a/ldap/servers/slapd/filterentry.c b/ldap/servers/slapd/filterentry.c index f163b472..fad73624 100644 --- a/ldap/servers/slapd/filterentry.c +++ b/ldap/servers/slapd/filterentry.c @@ -663,7 +663,11 @@ filter_strcpy_special_ext( char *d, char *s, int flags ) break; case '(': case ')': - if (flags & FILTER_STRCPY_ESCAPE_PARENS) { + case '}': + case '{': + case '|': + case '?': + if (flags & FILTER_STRCPY_ESCAPE_RECHARS) { *d++ = '\\'; } break; diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h index e67cfae7..68d5d482 100644 --- a/ldap/servers/slapd/proto-slap.h +++ b/ldap/servers/slapd/proto-slap.h @@ -595,7 +595,7 @@ void set_hash_filters(int i); * filterentry.c */ void filter_strcpy_special( char *d, char *s ); -#define FILTER_STRCPY_ESCAPE_PARENS 0x01 +#define FILTER_STRCPY_ESCAPE_RECHARS 0x01 void filter_strcpy_special_ext( char *d, char *s, int flags ); |