Bug 629710

Summary: escape_string does not check '\<HEX><HEX>'
Product: [Retired] 389
Reporter: Noriko Hosoi <nhosoi>
Component: Directory Server
Assignee: Noriko Hosoi <nhosoi>
Status: CLOSED CURRENTRELEASE
QA Contact: Viktor Ashirov <vashirov>
Severity: medium
Priority: low
Version: 1.2.7
CC: amsharma, msauton, rmeggins
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2015-12-07 17:00:00 UTC
Bug Blocks: 576869, 639035
Attachments:
git patch file (master); flags: nhosoi: review?, nhosoi: review?, rmeggins: review+

Description Noriko Hosoi 2010-09-02 19:03:01 UTC
Description of problem:
Marc Sauton wrote:
> Have redhat-ds-base-8.2.0-13.el5dsrv x86_64
> Why in the following ldapsearch and access log sample for an init of a test suffix dc=testme, is there a difference for 3D (=) and 5c3D ( \=) ? (Why the escape to = char or \5c3D in the access log? Shouldn't it be just \3D or eventually \5C\3D ?)
>
> dn: cn=replica,cn=dc\3Dtestme,cn=mapping tree,cn=config
> nsDS5ReplicaId: 1
> ...
> dn: cn=dctestmeFromM1port389ToH1port391,cn=replica,cn=dc\3Dtestme,cn=mapping t
>
> [02/Sep/2010:10:06:39 -0700] conn=2681 op=88 SRCH base="cn=dctestmeFromM1port389ToH2port392,cn=replica,cn=dc\5c3Dtestme,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs="nsds5replicaLastUpdateStart ......

Comment 1 Noriko Hosoi 2010-09-02 21:09:22 UTC
Created attachment 442728: git patch file (master)

Description: do_escape_string (core of escape_string) converted
'\\ (backslash)' to '\5C' even if the following 2 characters are
hex digits.  That is, the character is already escaped.  This
patch checks the case and if it is, it does not escape it further.

File: ldap/servers/slapd/util.c
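
The behaviour described in comment 1, as an added example that is not the project's code or the attached patch: one escaping routine run with and without the check for a backslash already followed by two hex digits. The function name `escape_for_log`, the `check_hex` switch and the set of escaped bytes are assumptions made for this sketch.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption for this sketch: only backslash, double quote and
 * non-printable bytes are escaped; the real special set may differ. */
static int needs_escape(unsigned char c)
{
    return c == '\\' || c == '"' || !isprint(c);
}

/* Escape `in` into `out` as \xx hex pairs. With check_hex nonzero, a
 * backslash already followed by two hex digits is copied through as-is
 * (the behaviour comment 1 describes); with zero it is escaped again.
 * Returns out, or NULL when out is too small. */
char *escape_for_log(const char *in, char *out, size_t outsz, int check_hex)
{
    size_t o = 0;
    if (outsz == 0) return NULL;
    for (size_t i = 0; in[i] != '\0'; i++) {
        unsigned char c = (unsigned char)in[i];
        if (check_hex && c == '\\' &&
            isxdigit((unsigned char)in[i + 1]) &&
            isxdigit((unsigned char)in[i + 2])) {
            if (o + 3 >= outsz) return NULL;
            memcpy(out + o, in + i, 3);      /* keep "\XX" untouched */
            o += 3; i += 2;
        } else if (needs_escape(c)) {
            if (o + 3 >= outsz) return NULL;
            snprintf(out + o, 4, "\\%02x", c);
            o += 3;
        } else {
            if (o + 1 >= outsz) return NULL;
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return out;
}

int main(void)
{
    const char *dn = "cn=dc\\3Dtestme,cn=mapping tree,cn=config"; /* constructed */
    char buf[128];
    printf("no check:   %s\n", escape_for_log(dn, buf, sizeof buf, 0));
    printf("with check: %s\n", escape_for_log(dn, buf, sizeof buf, 1));
    return 0;
}
```

With the check on, a raw backslash that happens to precede two hex digits is logged the same as an already escaped byte, so the log line alone cannot tell the two apart.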

Comment 2 Noriko Hosoi 2010-09-02 22:11:04 UTC
Test results:

source: ou="cn=A,ou=C,c=D",dc=example,dc=com
==>
access log: ou=cn\3DA\2Cou\3DC\2Cc\3DD,dc=example,dc=com

source: cn=a\=b\,c\=d, dc=example,dc=com
==>
access log: cn=a\3Db\2Cc\3Dd,dc=example,dc=com

source: cn=l\3Dm\2Cn\3Do, dc=example,dc=com
==>
access log: cn=l\3Dm\2Cn\3Do,dc=example,dc=com

source: OU=Sales+CN=J.  Smith,DC=example,DC=com
==>
access log: CN=J.  Smith+OU=Sales,DC=example,DC=com

source: CN=BeforeNL\0aAfterNL,DC=example,DC=com
==>
access log: CN=BeforeNL\0aAfterNL,DC=example,DC=com

source: CN=Before\0dAfter,DC=example,DC=com
==>
access log: CN=Before\0dAfter,DC=example,DC=com

source: CN=James \"Jim\" Smith\, III,dc=example,dc=com
==>
access log: CN=James \22Jim\22 Smith\2CIII,dc=example,dc=com

source: CN=Lu\C4\8Di\C4\87, dc=example,dc=com
==>
access log: CN=Lu\c4\8di\c4\87,dc=example,dc=com

Comment 3 Noriko Hosoi 2010-09-03 16:28:24 UTC
Reviewed by Rich (Thank you!!!)

Pushed to master.

$ git merge 629710
Updating 3501420..34c0dfe
Fast-forward
 ldap/servers/slapd/util.c |   46 +++++++++++++++++++++++++++++---------------
 1 files changed, 30 insertions(+), 16 deletions(-)

$ git push
Counting objects: 11, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (6/6), 1.07 KiB, done.
Total 6 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   3501420..34c0dfe  master -> master

Comment 4 Marc Sauton 2010-09-08 21:21:05 UTC
Just wanted to add a possible related test scenario: MMR replication broken after restore:

- have 2x mmr
- subtree backup directory server on a redhat idm console for master1
- one change on master1 in the test sub tree, replicated to master2
- subtree restore directory server from the redhat idm console for master1
- then master 2 and 1 are no longer in sync until a re-init, and in errors log on master1:

sub tree is dc=testme2

[08/Sep/2010:21:04:51 -0700] conn=7 op=36 SRCH base="cn=dc\5c3Dmstest2,cn=mapping tree,cn=config" scope=2 filter="(|(objectClass=nsDS5ReplicationAgreement)(objectClass=LDAPReplica)(objectClass=nsDSWindowsReplicationAgreement))" attrs=ALL
[08/Sep/2010:21:04:51 -0700] conn=7 op=36 RESULT err=0 tag=101 nentries=1 etime=0
[08/Sep/2010:21:04:51 -0700] conn=7 op=37 SRCH base="cn=replica,cn=dc\5c3Dms2-test1.lab.sjc.redhat.com-cert-ms2-test1,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
[08/Sep/2010:21:04:51 -0700] conn=7 op=37 RESULT err=32 tag=101 nentries=0 etime=0
[08/Sep/2010:21:04:51 -0700] conn=7 op=38 SRCH base="cn=replica,cn=dc\5c3Dms2-test1.lab.sjc.redhat.com-pki-catest1,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
[08/Sep/2010:21:04:51 -0700] conn=7 op=38 RESULT err=32 tag=101 nentries=0 etime=0
[08/Sep/2010:21:04:51 -0700] conn=7 op=39 SRCH base="cn=replica,cn=o\5c3Dnetscaperoot,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
[08/Sep/2010:21:04:51 -0700] conn=7 op=39 RESULT err=32 tag=101 nentries=0 etime=0
[08/Sep/2010:21:04:51 -0700] conn=7 op=40 SRCH base="cn=replica,cn=o\5c3Dstate.sc.us,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
[08/Sep/2010:21:04:51 -0700] conn=7 op=40 RESULT err=32 tag=101 nentries=0 etime=0
[08/Sep/2010:21:04:51 -0700] conn=7 op=41 SRCH base="cn=replica,cn=dc\5c3Dlab\5c2Cdc\5c3Dsjc\5c2Cdc\5c3Dredhat\5c2Cdc\5c3Dcom,cn=mapping tree,cn=config" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
[08/Sep/2010:21:04:51 -0700] conn=7 op=41 RESULT err=32 tag=101 nentries=0 etime=0

Comment 5 Amita Sharma 2011-07-08 12:48:59 UTC
[root@rhel61-ds90-amita ~]# ldapsearch -x -p 20100 -h localhost -D "cn=Directory Manager" -w Secret123 -b "cn=mapping tree,cn=config"
# extended LDIF
#
# LDAPv3
# base <cn=mapping tree,cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# mapping tree, config
dn: cn=mapping tree,cn=config
objectClass: top
objectClass: extensibleObject
cn: mapping tree

# dc\3Dreplsuffix\2Cdc\3Dcom, mapping tree, config
dn: cn=dc\3Dreplsuffix\2Cdc\3Dcom,cn=mapping tree,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: dc=replsuffix,dc=com
cn: "dc=replsuffix,dc=com"
nsslapd-state: backend
nsslapd-backend: userRoot
nsslapd-referral: ldap://rhel61-ds90-amita.idm.lab.bos.redhat.com:20106/dc%3Dr
 eplsuffix%2Cdc%3Dcom
nsslapd-referral: ldap://rhel61-ds90-amita.idm.lab.bos.redhat.com:20104/dc%3Dr
 eplsuffix%2Cdc%3Dcom
nsslapd-referral: ldap://rhel61-ds90-amita.idm.lab.bos.redhat.com:20102/dc%3Dr
 eplsuffix%2Cdc%3Dcom

# o\3Dnewfr, mapping tree, config
dn: cn=o\3Dnewfr,cn=mapping tree,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: "o=newfr"
cn: o=newfr
nsslapd-state: backend
nsslapd-backend: repman20100

# ou\3DRanges\2Co\3Ddna.net, mapping tree, config
dn: cn=ou\3DRanges\2Co\3Ddna.net,cn=mapping tree,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: "ou=Ranges,o=dna.net"
cn: ou=Ranges,o=dna.net
nsslapd-state: backend
nsslapd-backend: Rangesdb

# replica, dc\3Dreplsuffix\2Cdc\3Dcom, mapping tree, config
dn: cn=replica,cn=dc\3Dreplsuffix\2Cdc\3Dcom,cn=mapping tree,cn=config
objectClass: top
objectClass: nsds5replica
objectClass: extensibleobject
cn: replica
nsDS5ReplicaRoot: dc=replsuffix,dc=com
nsDS5ReplicaId: 1
nsDS5ReplicaType: 3
nsDS5Flags: 1
nsDS5ReplicaBindDN: cn=Replication Manager,o=newfr
nsState:: AQAAAAAAAACw9wpOAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAA==
nsDS5ReplicaName: 2a7eda02-966311e0-9e4edf77-817ae936
nsds5ReplicaChangeCount: 3
nsds5replicareapactive: 0

# 20100_to_20103, replica, dc\3Dreplsuffix\2Cdc\3Dcom, mapping tree, config
dn: cn=20100_to_20103,cn=replica,cn=dc\3Dreplsuffix\2Cdc\3Dcom,cn=mapping tree
 ,cn=config
objectClass: top
objectClass: nsds5replicationagreement
cn: 20100_to_20103
nsDS5ReplicaHost: rhel61-ds90-amita.idm.lab.bos.redhat.com
nsDS5ReplicaPort: 20103
nsDS5ReplicaBindDN: cn=Replication Manager,o=newfr
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaRoot: dc=replsuffix,dc=com
description: 20100_to_20103
nsDS5ReplicaUpdateSchedule: 0000-2359 0123456
nsDS5ReplicaTransportInfo: SSL
nsDS5ReplicaCredentials: {DES}HQcQHID5cKd72BP86ZXX5w==
nsds50ruv: {replicageneration} 4df72097000000010000
nsds50ruv: {replica 2 ldap://rhel61-ds90-amita.idm.lab.bos.redhat.com:20102}
nsds50ruv: {replica 1 ldap://rhel61-ds90-amita.idm.lab.bos.redhat.com:20100} 4
 df74286000000010000 4df74339000000010000
nsds50ruv: {replica 4 ldap://rhel61-ds90-amita.idm.lab.bos.redhat.com:20106}
nsds50ruv: {replica 3 ldap://rhel61-ds90-amita.idm.lab.bos.redhat.com:20104}
nsruvReplicaLastModified: {replica 2 ldap://rhel61-ds90-amita.idm.lab.bos.redh
 at.com:20102} 00000000
nsruvReplicaLastModified: {replica 1 ldap://rhel61-ds90-amita.idm.lab.bos.redh
 at.com:20100} 00000000
nsruvReplicaLastModified: {replica 4 ldap://rhel61-ds90-amita.idm.lab.bos.redh
 at.com:20106} 00000000
nsruvReplicaLastModified: {replica 3 ldap://rhel61-ds90-amita.idm.lab.bos.redh
 at.com:20104} 00000000
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 0
nsds5replicaLastUpdateEnd: 0
nsds5replicaChangesSentSinceStartup:
nsds5replicaLastUpdateStatus: 0 No replication sessions started since server s
 tartup
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 0
nsds5replicaLastInitEnd: 0

# 20100_to_20105, replica, dc\3Dreplsuffix\2Cdc\3Dcom, mapping tree, config
dn: cn=20100_to_20105,cn=replica,cn=dc\3Dreplsuffix\2Cdc\3Dcom,cn=mapping tree
 ,cn=config
objectClass: top
objectClass: nsds5replicationagreement
cn: 20100_to_20105
nsDS5ReplicaHost: rhel61-ds90-amita.idm.lab.bos.redhat.com
nsDS5ReplicaPort: 20105
nsDS5ReplicaBindDN: cn=Replication Manager,o=newfr
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaRoot: dc=replsuffix,dc=com
description: 20100_to_20105
nsDS5ReplicaUpdateSchedule: 0000-2359 0123456
nsDS5ReplicaTransportInfo: SSL
nsDS5ReplicaCredentials: {DES}HQcQHID5cKd72BP86ZXX5w==
nsds50ruv: {replicageneration} 4df72097000000010000
nsds50ruv: {replica 3 ldap://rhel61-ds90-amita.idm.lab.bos.redhat.com:20104}
nsds50ruv: {replica 2 ldap://rhel61-ds90-amita.idm.lab.bos.redhat.com:20102}
nsds50ruv: {replica 1 ldap://rhel61-ds90-amita.idm.lab.bos.redhat.com:20100} 4
 df74286000000010000 4df74339000000010000
nsds50ruv: {replica 4 ldap://rhel61-ds90-amita.idm.lab.bos.redhat.com:20106}
nsruvReplicaLastModified: {replica 3 ldap://rhel61-ds90-amita.idm.lab.bos.redh
 at.com:20104} 00000000
nsruvReplicaLastModified: {replica 2 ldap://rhel61-ds90-amita.idm.lab.bos.redh
 at.com:20102} 00000000
nsruvReplicaLastModified: {replica 1 ldap://rhel61-ds90-amita.idm.lab.bos.redh
 at.com:20100} 00000000
nsruvReplicaLastModified: {replica 4 ldap://rhel61-ds90-amita.idm.lab.bos.redh
 at.com:20106} 00000000
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 0
nsds5replicaLastUpdateEnd: 0
nsds5replicaChangesSentSinceStartup:
nsds5replicaLastUpdateStatus: 0 No replication sessions started since server s
 tartup
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 0
nsds5replicaLastInitEnd: 0

# 20100_to_20107, replica, dc\3Dreplsuffix\2Cdc\3Dcom, mapping tree, config
dn: cn=20100_to_20107,cn=replica,cn=dc\3Dreplsuffix\2Cdc\3Dcom,cn=mapping tree
 ,cn=config
objectClass: top
objectClass: nsds5replicationagreement
cn: 20100_to_20107
nsDS5ReplicaHost: rhel61-ds90-amita.idm.lab.bos.redhat.com
nsDS5ReplicaPort: 20107
nsDS5ReplicaBindDN: cn=Replication Manager,o=newfr
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaRoot: dc=replsuffix,dc=com
description: 20100_to_20107
nsDS5ReplicaUpdateSchedule: 0000-2359 0123456
nsDS5ReplicaTransportInfo: SSL
nsDS5ReplicaCredentials: {DES}HQcQHID5cKd72BP86ZXX5w==
nsds50ruv: {replicageneration} 4df72097000000010000
nsds50ruv: {replica 4 ldap://rhel61-ds90-amita.idm.lab.bos.redhat.com:20106}
nsds50ruv: {replica 3 ldap://rhel61-ds90-amita.idm.lab.bos.redhat.com:20104}
nsds50ruv: {replica 2 ldap://rhel61-ds90-amita.idm.lab.bos.redhat.com:20102}
nsds50ruv: {replica 1 ldap://rhel61-ds90-amita.idm.lab.bos.redhat.com:20100} 4
 df74286000000010000 4df74339000000010000


[root@rhel61-ds90-amita ~]# ldapsearch -x -p 20100 -h localhost -D "cn=Directory Manager" -w Secret123 -b "cn=20100_to_20107,cn=replica,cn=dc\3Dreplsuffix\2Cdc\3Dcom,cn=mapping tree,cn=config"
# extended LDIF
#
# LDAPv3
# base <cn=20100_to_20107,cn=replica,cn=dc\3Dreplsuffix\2Cdc\3Dcom,cn=mapping tree,cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# 20100_to_20107, replica, dc\3Dreplsuffix\2Cdc\3Dcom, mapping tree, config
dn: cn=20100_to_20107,cn=replica,cn=dc\3Dreplsuffix\2Cdc\3Dcom,cn=mapping tree
 ,cn=config
objectClass: top
objectClass: nsds5replicationagreement

[root@rhel61-ds90-amita ~]# tail -f /var/log/dirsrv/slapd-M1/access
[08/Jul/2011:17:33:52 +051800] conn=9 op=1 RESULT err=0 tag=101 nentries=8 etime=0
[08/Jul/2011:17:33:52 +051800] conn=9 op=2 UNBIND
[08/Jul/2011:17:33:52 +051800] conn=9 op=2 fd=64 closed - U1
[08/Jul/2011:17:34:42 +051800] conn=10 fd=64 slot=64 connection from ::1 to ::1
[08/Jul/2011:17:34:42 +051800] conn=10 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[08/Jul/2011:17:34:42 +051800] conn=10 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[08/Jul/2011:17:34:42 +051800] conn=10 op=1 SRCH base="cn=20100_to_20107,cn=replica,cn=dc\3Dreplsuffix\2Cdc\3Dcom,cn=mapping tree,cn=config" scope=2 filter="(objectClass=*)" attrs=ALL
[08/Jul/2011:17:34:42 +051800] conn=10 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[08/Jul/2011:17:34:42 +051800] conn=10 op=2 UNBIND
[08/Jul/2011:17:34:42 +051800] conn=10 op=2 fd=64 closed - U1
nsruvReplicaLastModified: {replica 4 ldap://rhel61-ds90-amita.idm.lab.bos.redh
 at.com:20106} 00000000
nsruvReplicaLastModified: {replica 3 ldap://rhel61-ds90-amita.idm.lab.bos.redh
 at.com:20104} 00000000
nsruvReplicaLastModified: {replica 2 ldap://rhel61-ds90-amita.idm.lab.bos.redh
 at.com:20102} 00000000
nsruvReplicaLastModified: {replica 1 ldap://rhel61-ds90-amita.idm.lab.bos.redh
 at.com:20100} 00000000
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 0
nsds5replicaLastUpdateEnd: 0
nsds5replicaChangesSentSinceStartup:
nsds5replicaLastUpdateStatus: 0 No replication sessions started since server s
 tartup
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 0
nsds5replicaLastInitEnd: 0

# search result
search: 2
result: 0 Success

# numResponses: 9
# numEntries: 8

Hence VERIFIED