RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 918686 - Escaped character cannot be used in the substring search filter
Summary: Escaped character cannot be used in the substring search filter
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.0
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
: ---
Assignee: Rich Megginson
QA Contact: Sankar Ramalingam
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-03-06 18:12 UTC by Nathan Kinder
Modified: 2020-09-13 20:19 UTC (History)
3 users (show)

Fixed In Version: 389-ds-base-1.3.1.2-1.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-06-13 10:38:31 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github 389ds 389-ds-base issues 497 0 None None None 2020-09-13 20:19:10 UTC

Description Nathan Kinder 2013-03-06 18:12:58 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/389/ticket/497

Bug description:
{{{
1) add an entry including '*' in an attribute value. E.g.,
dn: uid=tuser,dc=test,dc=com
[...]
description: This is the special * attribute value

2) search with the filter "(description=*\2a*)", which is supposed to
return the entry having:
description: This is the special * attribute value

But the current version returns no entry.
}}}

Observation:

{{{
slapi_escape_filter_value replaces the original "\2a" with "\\2a".  Then,
it's escaped again by filter_strcpy_special_ext in
ldbm_search_compile_filter to "\\\\2a".  Finally, ".*\\\\2a" is passed to
PCRE.  It does not match the value "This is the special * attribute
value".

If we skip calling slapi_escape_filter_value for the filter
"(description=*\2a*)", the regular expression pattern ".*\\*" is passed to
PCRE, which returns the matched entry.
}}}
(regression: fltr_32?)

Note: without calling slapi_escape_filter_value for substring search, the existing filter tests passed 100%.
Comment 1 Rich Megginson 2013-10-01 23:26:22 UTC 
moving all ON_QA bugs to MODIFIED in order to add them to the errata (can't add bugs in the ON_QA state to an errata).  When the errata is created, the bugs should be automatically moved back to ON_QA.
Comment 3 Amita Sharma 2014-01-29 09:09:12 UTC 
[root@dhcp201-149 ~]# ldapadd -x -h localhost -p 389 -D "cn=Directory Manager" -w Secret123  << EOF
> dn: uid=amsharma1,ou=people,dc=example,dc=com
> description: This is the special * attribute value
> cn: ams
> sn: ams
> givenname: ams
> objectclass: top
> objectclass: person
> objectclass: organizationalPerson
> objectclass: inetOrgPerson
> uid: ams
> mail: ams
> userpassword: amsamsams
> EOF
adding new entry "uid=amsharma1,ou=people,dc=example,dc=com"

[root@dhcp201-149 ~]# ldapsearch -x -h localhost -p 389 -D "cn=Directory Manager" -w Secret123 -b "ou=people,dc=example,dc=com" "(description=*\2a*)"
# extended LDIF
#
# LDAPv3
# base <ou=people,dc=example,dc=com> with scope subtree
# filter: (description=*\2a*)
# requesting: ALL
#

# amsharma1, People, example.com
dn: uid=amsharma1,ou=People,dc=example,dc=com
description: This is the special * attribute value
cn: ams
sn: ams
givenName: ams
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: ams
uid: amsharma1
mail: ams
userPassword:: e1NTSEF9Nzduc2RkWGlJdnY1bUFGQWxKM0x5dWRKVXFSb1FiSDJjLzNjeGc9PQ=

Hence VERIFIED.
Comment 4 Amita Sharma 2014-05-15 06:43:24 UTC 
[RHEL7]
[svrbld@dhcp201-149 basic]$ svn ci basic.sh -m "Added test case for bug918686"
Sending        basic.sh
Transmitting file data .
Committed revision 8686.

[svrbld@dhcp201-149 basic]$ svn add user_escape.ldif
A         user_escape.ldif
[svrbld@dhcp201-149 basic]$ svn ci user_escape.ldif -m "Added data for bug918686"
Adding         user_escape.ldif
Transmitting file data .
Committed revision 8687.
[svrbld@dhcp201-149 basic]$ 


[Trunk]
[amsharma@amsharma basic]$ svn ci basic.sh -m "Added test case for bug918686"
Sending        basic.sh
Transmitting file data .
Committed revision 8688.

[amsharma@amsharma basic]$ svn add user_escape.ldif
A         user_escape.ldif
[amsharma@amsharma basic]$ svn ci user_escape.ldif -m "Added data for bug918686"
Adding         user_escape.ldif
Transmitting file data .
Committed revision 8689.
Comment 5 Ludek Smid 2014-06-13 10:38:31 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.
Note You need to log in before you can comment on or make changes to this bug.