https://bugzilla.redhat.com/show_bug.cgi?id=199923

This bug had been reopened due to the regression.

[Proposed Fix]
https://bugzilla.redhat.com/attachment.cgi?id=398612&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=398612&action=edit

Files:
ldap/servers/plugins/syntaxes/validate.c
ldap/servers/slapd/dn.c

Problem Description:
A simple failed case observed before applying the patch:

$ /usr/lib64/mozldap/ldapmodify -p 10389 -D 'cn=directory manager' -w pw << EOF
dn: ou=\#\<,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: \#\<
EOF
ldap_add: Invalid DN syntax
ldap_add: additional info: DN value invalid per syntax

Fix Description:
dn.c: Based upon RFC 4514, '#', '+', ';', '<', '>', and '=' need to be escaped in addition to '\\' and '"' if it appears in the DN string.

validate.c: Using the above example, if an escaped character (\<) followed by an escaped character (\#), the pointer was moved twice skipping '\' before '<' and it makes the validation fail.

======================================================
Breakpoint 2, rdn_validate (
    begin=0x7fd090001ed0 "ou=\\#\\<,dc=example,dc=com",
    end=0x7fd090001ee8 "m", last=0x7fd0a9bedac0)
    at ldap/servers/plugins/syntaxes/validate.c:430
430 int rc = 0; /* Assume RDN is valid */
(gdb) p p
$35 = 0x7fd090001ed3 "\\#\\<,dc=example,dc=com"
(gdb) p end
$36 = 0x7fd090001ee8 "m"
(gdb) p *p
$37 = 92 '\\'
(gdb) n
472 if (numericform) {
(gdb) n
498 if (IS_UTF1(*p) && !IS_ESC(*p) && !IS_LUTF1(*p)) {
(gdb) n
507 if (numericform) {
(gdb) n
517 if (IS_UTF1(*p)) {
(gdb) n
520 if ((p == end) && !IS_TUTF1(*p)) {
(gdb) n
524 } else if (IS_ESC(*p)) {
(gdb) n
528 p++; <== *p is '#'
(gdb) n
529 if (!IS_ESC(*p) && !IS_SPECIAL(*p)) {
(gdb) n
538 p++; <== move the pointer to the next char '\\'
(gdb) p *p
$40 = 92 '\\'
(gdb) n
545 p++; <== another move to '<', which needs to be escaped
(gdb) n
517 if (IS_UTF1(*p)) {
(gdb) n
520 if ((p == end) && !IS_TUTF1(*p)) {
(gdb) n
524 } else if (IS_ESC(*p)) {
(gdb) n
540 } else if (!IS_SUTF1(*p)) {
(gdb) n
541 rc = 1; <== failed.
-- 389-devel mailing list 389-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-devel
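
The double pointer move shown in the gdb trace above, reduced to a small stand-alone model. This is an added example, not the code from validate.c or the attached patch: the function names, the character sets and the extra_advance switch are assumptions made for illustration, and only single-character escapes are handled (no hex pairs, no leading/trailing rules).

```c
#include <stdio.h>
#include <string.h>

/* Characters that may follow '\' as a single-character escape (RFC 4514). */
static const char ESCAPABLE[] = "\"+,;<>\\#= ";
/* Characters that are invalid in a value unless escaped. */
static const char MUST_ESCAPE[] = "\"+,;<>";

/* Simplified model: returns 1 if the attribute value is valid, else 0.
 * extra_advance=1 reproduces the second pointer move seen in the trace. */
static int value_valid(const char *s, int extra_advance)
{
    const char *p = s, *end = s + strlen(s);

    while (p < end) {
        if (*p == '\\') {
            p++;                              /* now on the escaped char */
            if (p == end || !strchr(ESCAPABLE, *p))
                return 0;                     /* dangling or unknown escape */
            if (extra_advance)
                p++;                          /* move inside the escape branch */
        } else if (strchr(MUST_ESCAPE, *p)) {
            return 0;                         /* special char left unescaped */
        }
        /* Common move at the loop bottom. With extra_advance set, the
         * character right after an escaped pair is never inspected. */
        p++;
    }
    return 1;
}

int value_valid_before(const char *s) { return value_valid(s, 1); }
int value_valid_after(const char *s)  { return value_valid(s, 0); }

int main(void)
{
    /* Constructed inputs; the first is the ou value from the failing add. */
    const char *samples[] = { "\\#\\<", "\\#", "a\\<b", "a<b" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-8s before=%d after=%d\n", samples[i],
               value_valid_before(samples[i]), value_valid_after(samples[i]));
    return 0;
}
```

Two adjacent escaped characters are the case that separates the two variants, so a regression test for this bug should include at least one such value.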